forked from adysec/nuclei_poc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdrupal_module-exif-remote-code-execution.yaml
64 lines (59 loc) · 2.12 KB
/
drupal_module-exif-remote-code-execution.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
id: drupal_module-exif-remote-code-execution
info:
name: drupal_module-exif-remote-code-execution
author: Bishopfox
severity: medium
description: "This module enables you to automatically scan images uploaded to the site to extract their meta data and store it in taxonomy structures. The module doesnt sufficiently protect against malicious files being used to attack the site. This vulnerability is mitigated by the fact that an attacker must have permission to upload images to the site."
reference:
- https://www.drupal.org/sa-contrib-2022-015
metadata:
security-risk: "Critical 18∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:All"
vulnerability: "remote-code-execution"
fofa-query: "/sites/all/modules/exif/"
google-query: "inurl:'/sites/all/modules/exif/"
impact: medium
type: indicator
created_at: '0001-01-01T00:00:00Z'
tags: drupal
http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/sites/all/modules/exif/exif.info"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
- type: status
status:
- 200
- type: word
words:
- 'exif'
part: body
extractors:
- type: regex
name: version
part: body
group: 1
regex:
- 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
- type: dsl
dsl:
- compare_versions(version, '8.x-2.2')
- compare_versions(version, '8.x-1.2')
- compare_versions(version, '8.x-1.1')
- compare_versions(version, '8.x-1.0')
- compare_versions(version, '7.x-1.9')
- compare_versions(version, '7.x-1.8')
- compare_versions(version, '7.x-1.7')
- compare_versions(version, '7.x-1.6')
- compare_versions(version, '7.x-1.5')
- compare_versions(version, '7.x-1.4')
- compare_versions(version, '7.x-1.3')
- compare_versions(version, '7.x-1.2')
- compare_versions(version, '7.x-1.1')
- compare_versions(version, '7.x-1.0')