Drupal SQL Injection Drupageddon Low Security Level
Drupal SQL Injection (Drupageddon) - Low Security Level
Solution:
Step 1. Click on Drupal and CVE-2014-3704
When you click on Drupal - Welcome to Drupageddon page will be displayed
When you click on CVE-2014-3704 - The page will give you details about the vulnerability.
Step 2. On CVE-2014-3704 page go to EXPLOIT-DB:34992
Click on the url
A new window will pop up
As shown in the video - Click on Exploit - Download - Save File - OK
Step 3. Use below commands
Open your command prompt, go to the folder where you have downloaded the file and give
Commands
python 34992.py -h
python 34992.py --target=http://10.0.2.4/drupal/ --username=PseudoTime --pwd=PseudoTime
** You can give username and pwd of your choice
Check the output
Step 4. Go to the Drupal page and login with your username & password
PseudoTime
