Drupal
Drupalgeddon (<7.58, <8.5.1, <8.46, <8.3.9) - CVE-2018-7600
All version of drupal lower than 7.58 are vulnerable to RCE.
From Admin to Reverse Shell
Firstly we need to enable PHP filter
on Modules tab.
And go to Content -> +Add Content -> Article, select PHP code as Text Format and finally introduce the reverse shell on the body.
Finally clicking Preview button a reverse shell is spawned to our listener.
Config files
Database Connection
Last updated