Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-9016 PoC — Drupal和Drupal Secure Password Hashes模块输入验证错误漏洞

Source
https://github.com/c0r3dump3d/wp_drupal_timing_attack
Associated Vulnerability
Title:Drupal和Drupal Secure Password Hashes模块输入验证错误漏洞 (CVE-2014-9016)
Description:Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。password hashing API是其中的一个用于创建和校验哈希密码的API。Secure Password Hashes(又名phpass)是其中的一个用于存储密码哈希值的模块。 Drupal 7.33及之前版本和Drupal Secure Password Hashes模块6.x-2.0及之前版本的password hashing API中存在安全漏洞。远程攻击者可通过发送特制请求利用该漏洞造成拒绝服务(CPU
Description
Python scripts to exploit CVE-2014-9016 and CVE-2014-9034
Readme
wp_drupal_timing_attack
=======================

Python scripts to exploit CVE-2014-9016 and CVE-2014-9034.

For legal purposes only
File Snapshot

 [4.0K]  /data/pocs/24b499a99bbaadf2932f96f4c49f238a424434bb
├── [7.3K]  Drupal_TA.py
├── [ 18K]  LICENSE
├── [ 133]  README.md
├── [ 13K]  socks.py
└── [8.0K]  Wordpress_TA.py

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.