module

Drupal Drupalgeddon 2 Forms API Property Injection

Try Surface Command

Back to search

Disclosed	Created
03/28/2018	06/14/2018

Disclosed

03/28/2018

Created

06/14/2018

Description

This module exploits a Drupal property injection in the Forms API.

Drupal 6.x,

Authors

Jasper Mattssona2uNixawkFireFartwvu

Platform

Linux,PHP,Unix

Architectures

php, cmd, x86, x64

References

Source Code
History

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

    msf > use exploit/unix/webapp/drupal_drupalgeddon2
    msf /(2) > show actions
        ...actions...
    msf /(2) > set ACTION < action-name >
    msf /(2) > show options
        ...show and set options...
    msf /(2) > run

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today