Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/a2u/cve-2018-7600

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002
https://github.com/a2u/cve-2018-7600

cve-2018-7600 drupal drupalgeddon2 exploit poc sa-core-2018-002

Last synced: about 1 month ago
JSON representation

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

Host: GitHub
URL: https://github.com/a2u/cve-2018-7600
Owner: a2u
Created: 2018-03-30T14:23:18.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2019-03-29T11:25:57.000Z (over 5 years ago)
Last Synced: 2024-10-11T01:22:50.207Z (about 1 month ago)
Topics: cve-2018-7600, drupal, drupalgeddon2, exploit, poc, sa-core-2018-002
Language: Python
Homepage:
Size: 22.5 KB
Stars: 348
Watchers: 78
Forks: 109
Open Issues: 6
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

**IMPORTANT:**
Is provided only for educational or information purposes.

[Protect rules for ModSecurity (by fuzzylogic)](ModSecurity.txt)
[Protect rules for ModRewrite .htaccess](htaccess.txt)

---
**FOR MEDIA:**
Please do not post a link to this repository in your articles, without specifying how to protect against an attack (recommend updating Drupal, setting rules for WAF, etc.)

---
PoC based CheckPoint article.
https://research.checkpoint.com/uncovering-drupalgeddon-2/
by Eyal Shalev, Rotem Reiss and Eran Vaknin

PoC not working on Drupal 7.x. See [here](https://github.com/dreadlocked/Drupalgeddon2) for Drupal 7.x & 8.x

---
CVE-2018-7600 / SA-CORE-2018-002
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.