Attacking Drupal

Views: 105Leveraging Known Vulnerabilities Over the years, Drupal core has suffered from a few serious remote code execution vulnerabilities, each dubbed Drupalgeddon. At the time of writing, there are 3 Drupalgeddon vulnerabilities in existence. Drupalgeddon Manual exploitation As stated previously, this flaw can be exploited by leveraging a pre-authentication SQL injection which can be used to … Read more

Walkthrough – VulnHUB DC-1

Views: 40Enumeration Nmap scan Nmap scan reveals that the target is running a website based on Drupal CMS on port 80. Newer installs of Drupal by default block access to the CHANGELOG.txt and README.txt files, so we may need to do further enumeration. Although the target is running an older version of Drupal (7), these two files are not present … Read more