forked from adysec/nuclei_poc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdrupal_module-menu_export-access-bypass.yaml
51 lines (46 loc) · 1.46 KB
/
drupal_module-menu_export-access-bypass.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
id: drupal_module-menu_export-access-bypass
info:
name: drupal_module-menu_export-access-bypass
author: Bishopfox
severity: medium
description: "This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability."
reference:
- https://www.drupal.org/sa-contrib-2018-018
metadata:
security-risk: "Critical 17∕25 AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:Uncommon"
vulnerability: "access-bypass"
fofa-query: "/sites/all/modules/menu_export/"
google-query: "inurl:'/sites/all/modules/menu_export/"
impact: medium
type: indicator
created_at: '0001-01-01T00:00:00Z'
tags: drupal
http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/sites/all/modules/menu_export/menu_export.info"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
- type: status
status:
- 200
- type: word
words:
- 'menu_export'
part: body
extractors:
- type: regex
name: version
part: body
group: 1
regex:
- 'version = "([0-9]+\.x-[0-9]+\.[0-9]+)"'
- type: dsl
dsl:
- compare_versions(version, '8.x-1.0')