Drupalgeddon2 icon indicating copy to clipboard operation
Drupalgeddon2 copied to clipboard

Published 20 hours ago verified publisher icon dreadlocked

Add Drupal v6.x support

Open syrius01 opened this issue 6 years ago • 8 comments

Hi !

Thanks for sharing those PoCs with the community :) I was wondering if you know how to exploit Drupal 6.* ?

So far; Drupal 7 is with /user/password Drupal 8 is with /user/register

Thanks!

syrius01 avatar Apr 17 '18 14:04 syrius01

Yes It will be really great if @dreadlocked can have a look on the D6 vulnerabilities. As there will be no official patch for D6. So we really need to manually test and patch our site.

dbjpanda avatar Apr 18 '18 03:04 dbjpanda

I'll try, can't promise!

dreadlocked avatar Apr 19 '18 12:04 dreadlocked

@dreadlocked This link https://linux.m2osw.com/security-fix-drupal-6-%E2%80%94-cve-2018-7600-%E2%80%94-sa-core-2018-002 may help you to write an exploit for D6 ?

dbjpanda avatar Apr 25 '18 01:04 dbjpanda

Hi!. Any news about exploiting D6?

valicB avatar Apr 25 '18 08:04 valicB

From what I've found it seems that Drupal 6.X would be only for Cross Site scripting (this could be wrong). Just wanted to share.

syrius01 avatar Apr 26 '18 16:04 syrius01

Has anyone looked into whether Dripal6 would be actually vulnerable to this exploit already?

c3c avatar May 07 '18 23:05 c3c

Someone need a little help regarding this : https://stackoverflow.com/questions/51203052/drupal-6-form-value-retrieve

stewpeed avatar Jul 09 '18 09:07 stewpeed

Closing this issue as Drupal 6 exploit is not inside the scope.

dreadlocked avatar Aug 31 '18 08:08 dreadlocked