dreadlocked / Drupalgeddon2

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Add Drupal v6.x support #8

Open syrius01 opened 6 years ago

syrius01 commented 6 years ago

Hi!

Thanks for sharing those PoCs with the community :) I was wondering if you know how to exploit Drupal 6.*?

So far: Drupal 7 is with /user/password, Drupal 8 is with /user/register

Thanks!

dbjpanda commented 6 years ago

Yes, it would be really great if @dreadlocked could have a look at the D6 vulnerabilities, as there will be no official patch for D6. So we really need to manually test and patch our site.

dreadlocked commented 6 years ago

I'll try, can't promise!

dbjpanda commented 6 years ago

@dreadlocked This link https://linux.m2osw.com/security-fix-drupal-6-%E2%80%94-cve-2018-7600-%E2%80%94-sa-core-2018-002 may help you to write an exploit for D6?

valicB commented 6 years ago

Hi! Any news about exploiting D6?

syrius01 commented 6 years ago

From what I've found, it seems that Drupal 6.X would be only for cross-site scripting (this could be wrong). Just wanted to share.

c3c commented 6 years ago

Has anyone looked into whether Drupal 6 would actually be vulnerable to this exploit already?

stewpeed commented 6 years ago

Someone needs a little help regarding this: https://stackoverflow.com/questions/51203052/drupal-6-form-value-retrieve

dreadlocked commented 6 years ago

Closing this issue as a Drupal 6 exploit is not inside the scope.