CVE-2014-3704 PoC — Drupal core SQL注入漏洞

Source

https://github.com/fbm31/Audit-BlackBox-Web-to-Root

Associated Vulnerability

Title:Drupal core SQL注入漏洞 (CVE-2014-3704)
Description:Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal core 7.3之前7.x版本中的database abstraction API中‘expandArguments’函数存在安全漏洞，该漏洞源于程序没有正确构造预处理语句。远程攻击者可借助带有特制键的数组利用该漏洞实施SQL注入攻击。

Description

Audit de sécurité Black Box d'un serveur Drupal 7. Démonstration d'une Kill Chain complète : Injection SQL (CVE-2014-3704) ➔ RCE ➔ Reverse Shell ➔ Escalade vers Root (SUID). Ce dépôt contient le rapport technique détaillé, les preuves d'exploitation (PoC) et les mesures de remédiation pour sécuriser l'infrastructure.

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!