Drupal

Enumeration

After identifying a Drupal site, one of the first things to determine is the version of Drupal it is running:

curl -s https://parzival.sh/CHANGELOG.txt 
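
From the defender's side, the version check above appears in the web server access log as a request for CHANGELOG.txt. The following Python is an added example, not part of the original page: it scans constructed sample log lines in combined log format and reports which clients requested the file and whether it was served. The function names, sample IPs and sample paths are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in combined log format (documentation-range IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /CHANGELOG.txt HTTP/1.1" 200 110781 "-" "curl/8.4.0"
198.51.100.7 - - [12/Mar/2024:10:01:03 +0000] "GET /node/1 HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.9 - - [12/Mar/2024:10:05:40 +0000] "GET /drupal/CHANGELOG.txt HTTP/1.1" 404 162 "-" "python-requests/2.31.0"
203.0.113.9 - - [12/Mar/2024:10:05:41 +0000] "GET /CHANGELOG.txt?x=1 HTTP/1.1" 403 162 "-" "python-requests/2.31.0"
192.0.2.44 - - [12/Mar/2024:10:09:00 +0000] "GET /blog/changelog HTTP/1.1" 200 900 "-" "Mozilla/5.0"
garbage line that does not parse
"""

# Captures: client, timestamp, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')


def find_changelog_probes(log_text):
    """Return {client_ip: [(timestamp, path, status), ...]} for CHANGELOG.txt requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, target, status = m.groups()
        path = urlsplit(target).path  # drop any query string
        # Compare only the final path segment, ignoring case.
        if path.rsplit("/", 1)[-1].casefold() == "changelog.txt":
            hits[ip].append((ts, path, int(status)))
    return dict(hits)


def disclosed_paths(hits):
    """Paths answered with 200, i.e. the version file is publicly readable."""
    return {path for events in hits.values()
            for _ts, path, status in events if status == 200}


if __name__ == "__main__":
    hits = find_changelog_probes(SAMPLE_LOG)
    for ip, events in hits.items():
        for ts, path, status in events:
            print(f"{ts} {ip} requested {path} -> {status}")
    print("publicly readable:", sorted(disclosed_paths(hits)))
```

A 200 response for the file means the installed version is readable by anyone; blocking the file at the web server removes that disclosure.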

Droopescan

droopescan scan drupal -u https://parzival.sh

Exploitation

Drupalgeddon

Older installations of Drupal are affected by a remote code execution vulnerability dubbed "Drupalgeddon". A Metasploit module works well for exploiting it:

use exploit/unix/webapp/drupal_drupalgeddon2
