# N/A
## 漏洞概述
Drupal核心7.x版本中的database abstraction API中的expandArguments函数未能正确构造预处理语句,导致远程攻击者可以利用包含恶意键的数组进行SQL注入攻击。
## 影响版本
Drupal 7.x版本,具体为7.32之前的版本
## 漏洞细节
expandArguments函数未能正确地处理包含精心制作的键值数组,导致预处理语句构造不正确。这可能会使系统容易受到SQL注入攻击。
## 影响
远程攻击者可能利用此漏洞,通过包含特定构造键的数组进行SQL注入,进而可能执行非授权的数据库操作。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | None | https://github.com/happynote3966/CVE-2014-3704 | POC详情 |
| 2 | CVE-2014-3704 aka Drupalgeddon - Form-Cache Injection Method | https://github.com/AleDiBen/Drupalgeddon | POC详情 |
| 3 | An rewritten POC on the CVE-2014-3704 | https://github.com/RasmusKnothNielsen/Drupalgeddon-Python3 | POC详情 |
| 4 | An rewritten POC on the CVE-2014-3704 | https://github.com/Neldeborg/Drupalgeddon-Python3 | POC详情 |
| 5 | This code is taken from "Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)" and was converted to Python 3 to suit the exercise in Academy for Module "Attacking Commoon Applications" and section "Attacking Drupal". | https://github.com/joaomorenorf/CVE-2014-3704 | POC详情 |
| 6 | The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-3704.yaml | POC详情 |
| 7 | None | https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/Drupal%20%207.32%20%E2%80%9CDrupalgeddon%E2%80%9D%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2014-3704.md | POC详情 |
| 8 | None | https://github.com/chaitin/xray-plugins/blob/main/poc/manual/drupal-cve-2014-3704-sqli.yml | POC详情 |
| 9 | https://github.com/vulhub/vulhub/blob/master/drupal/CVE-2014-3704/README.md | POC详情 |