fix Docs page and add to report

This commit is contained in:
ophirharpazg 2020-09-01 14:16:22 +03:00
parent 0eb31a927d
commit 7288fb9814
2 changed files with 7 additions and 3 deletions

View File

@ -11,12 +11,16 @@ on a vulnerable Drupal server.
### Description ### Description
Some field types do not properly sanitize data from non-form sources in certain versions Some field types do not properly sanitize data from non-form sources in certain versions
of Drupal server. This can lead to arbitrary PHP code execution in some cases. of Drupal server.
This can lead to arbitrary PHP code execution in some cases.
### Affected Versions ### Affected Versions
* Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. * Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10.
One of the following conditions must hold:
* The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH * The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH
or POST requests; OR or POST requests; OR
* The site has another web services module enabled, like JSON:API in * The site has another web services module enabled, like JSON:API in
@ -25,7 +29,7 @@ Drupal 8, or Services or RESTful Web Services in Drupal 7.
### Notes ### Notes
* The _Infection Monkey_ exploiter implementation is based on an open-source * The Infection Monkey exploiter implementation is based on an open-source
[Python implementation](https://gist.github.com/leonjza/d0ab053be9b06fa020b66f00358e3d88/f9f6a5bb6605745e292bee3a4079f261d891738a) [Python implementation](https://gist.github.com/leonjza/d0ab053be9b06fa020b66f00358e3d88/f9f6a5bb6605745e292bee3a4079f261d891738a)
of the exploit by @leonjza. of the exploit by @leonjza.
* For the full attack to work, more than one vulnerable URL is required. * For the full attack to work, more than one vulnerable URL is required.

View File

@ -133,7 +133,7 @@ EXPLOITER_CLASSES = {
], ],
"title": "Drupal Exploiter", "title": "Drupal Exploiter",
"info": "Exploits a remote command execution vulnerability", "info": "Exploits a remote command execution vulnerability",
"link": "" "link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/drupal/"
} }
] ]
} }