Drupal

Drupalgeddon (<7.58, <8.5.1, <8.46, <8.3.9) - CVE-2018-7600

All version of drupal lower than 7.58 are vulnerable to RCE.

ruby drupalgeddon2.rb http://<ip>/
LogoGitHub - dreadlocked/Drupalgeddon2: Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)GitHub

From Admin to Reverse Shell

Firstly we need to enable PHP filter on Modules tab.

And go to Content -> +Add Content -> Article, select PHP code as Text Format and finally introduce the reverse shell on the body.

Finally clicking Preview button a reverse shell is spawned to our listener.

Config files

Database Connection

PreviousJenkinsNextWordpress

Last updated

Was this helpful?