Drupal

Enumeration

After identifying a Drupal site, one of the first pieces of information you should try to identify is the version of Drupal running:

curl -s https://parzival.sh/CHANGELOG.txt

Droopescan

droopescan scan drupal -u https://parzival.sh

Exploitation

Drupalgeddon

Older installations of Drupal are vulnerable to a remote code execution vulnerability dubbed "Drupalgeddon". There is a Metasploit module which works well for exploiting this vulnerability:

use exploit/unix/webapp/drupal_drupalgeddon2

PreviousCMS NextWordpress

Last updated 1 year ago