Giter VIP home page Giter VIP logo

cve-2018-7600's People

Contributors

a2u avatar gmellini avatar goncalor avatar jamescullum avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

ricterz 5up3rc binddns g4mm4 attacker34 mixiyihao bbsyaya cmavr8 deadnumbers knightmare2600 blacktrace p3t3rp4rk3r zenzue 1337g imyaro foxweek chouaibhm av1080p b9sk vampire-jie haphan sysxan zarvisd stuff2600 expertasif itsns aurorafang x7art raisingagent rmanluo isachit bladeism bannsec nareshmail jijicanyu jothatron samuraisxmali julio1925 sepppenner tailoredaccessteam securylight andreaskl brianwgray mem3nt0 h3len cyberhack255 talamanaka goncalor ankitsaini2609 antemasqued after100 cmurschall andrewnimmo finack42 wifido opratr wsygoogol rangeforce codehopes sukelluskello sleepwalker-ins mohitsahunitrr fingerleakers ashrafdev richardsonlima rootedhunter ht13 nrashok gitscami adhi1234 fbarre96 dexit jsnife byx54192 r0cknrolla heikipikker charlessydney mackgerhadt bailongwang1 trirocks mgcfish 0x13337 rockmelodies abraham313 helloexp alessiodos user7837 misterch0c hacker-steroids robotx404 imulmul rakhithjk 5l1v3r1 berkotako fatinsourav echolinzi arftaklaci nosorry 3453-315h sudhakar-muthumani-04

cve-2018-7600's Issues

Syntax error when entering target website url (the ':' causes the issue)

Hi, I have 0 experience in programming but when I was running this code, my kali box kept giving me syntax errors when inputting the url of the website. Here's a screenshot:

image

I don't exactly know why, but it seemed to be fixed when I replaced the input function on line 13 with the raw_input function.

image

Hope those with the same errors find this helpful!

False negative: "Not exploitable"

This PoC assumes that the document root is writable by www-data, which is hopefully not the case for most installations. A more reliable test would be to write the file to sites/default/files/.

hhhh

author may forgot add '/',if you read the code,you can find this.
by the way,code is so short :-D
(my longming English)

What about credit on my meme? :)

Although I don't really think it's a joke, I'm spending some time on that vulnerability, and still nothing.

Maybe after the holidays someone will take it more seriously :)

And credit for my meme will be appreciated in any case :)

ModSecurity Rule reporting pattern match but not blocking

I'm attempting to use the ModSecurity rule provided but unfortunately, I cannot get it to work.

[Sat Oct 02 07:41:40.466003 2021] [:error] [pid 1739] [client 192.168.247.129:45424] [client 192.168.247.129] ModSecurity: Warning. Pattern match "#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process|access_callback|lazy_builder)|\\[#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process|access_callback|lazy_builder)" at ARGS_NAMES:name[#post_render][]. [file "/etc/apache2/modsecurity-crs/coreruleset-3.3.0/rules/drupal.conf"] [line "2"] [id "3295"] [hostname "www.ict379drupal7.com"] [uri "/"] [unique_id "YVgNND9KAmtIGa2izcMOBAAAAAA"]

I'm unsure as to what I'm doing wrong. The exploit is not being blocked, regardless of the pattern being detected.

adapt to drupal 6

Any idea to adpat to drupal 6 because it's also vulnerable but it answer not.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.