antonio-fr / DrupalRS

Drupal Remote Shell
4 stars 8 forks source link

Drupal Remote Shell

A remote shell using CVE-2018-7600 and CVE-2019-6340

Use : ./DRS(2).py http[s]://hostname|IP[:port]

Shell is very basic. No command completion, no directory change,...

DRS.py works with any Drupal vulnerable versions : <8.5.1, <8.4.6 , <8.3.9. and <7.58

DRS2.py works with any Drupal vulnerable versions : <8.6.10, <8.5.11 which have web service enabled with POST requests.

Requires Python 2