This task adds a check for Drupal instances which are vulnerable to Drupalgeddon2. The task supports both Drupal 7 & Drupal 8 (including an additional check for Drupal 8 in case the first one fails).
Telerik Web UI RCE (CVE-2019-18935)
As this task involves active exploitation by sending a DLL file which will be uploaded and eventually loaded by the system, it was decided to determine if this was vulnerable by fingerprinting the version. There are two different techniques to determine the version: the first is by extracting it from the response body of the index page, while the second is looking at the Last Modified Date response header associated with the JavaScript files. However, there are scenarios where the version cannot be detected. The check first determines if the File Upload Handler exists and, if so, proceeds to extract the version.
An update for the WooCommerce SQL Injection Check. Additional meta information was added about the task, including the CVE number (as it was pending at the time the task was written).
Hi team,
Please find included in this PR the following:
Best regards, Maxim