Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2018-7600

Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

POC

Reference

- https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714

- https://github.com/a2u/CVE-2018-7600

- https://github.com/g0rx/CVE-2018-7600-Drupal-RCE

- https://greysec.net/showthread.php?tid=2912&pid=10561

- https://groups.drupal.org/security/faq-2018-002

- https://research.checkpoint.com/uncovering-drupalgeddon-2/

- https://www.exploit-db.com/exploits/44448/

- https://www.exploit-db.com/exploits/44449/

- https://www.exploit-db.com/exploits/44482/

- https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know

Github

- https://github.com/0ang3el/drupalgeddon2

- https://github.com/0x0d3ad/Kn0ck

- https://github.com/0xAJ2K/CVE-2018-7600

- https://github.com/0xConstant/CVE-2018-7600

- https://github.com/0xConstant/ExploitDevJourney

- https://github.com/0xMrNiko/Awesome-Red-Teaming

- https://github.com/0xT11/CVE-POC

- https://github.com/0xh4di/PayloadsAllTheThings

- https://github.com/0xkasra/CVE-2018-7600

- https://github.com/0xkasra/ExploitDevJourney

- https://github.com/0xsyr0/OSCP

- https://github.com/1120362990/vulnerability-list

- https://github.com/189569400/Meppo

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/20142995/sectool

- https://github.com/3vikram/Application-Vulnerabilities-Payloads

- https://github.com/84KaliPleXon3/Payloads_All_The_Things

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AakaGoyal/CloudandWebSecurity

- https://github.com/AakaGoyal/OffensiveSecurity

- https://github.com/Amar224/Pentest-Tools

- https://github.com/AnonVulc/Pentest-Tools

- https://github.com/Anwar212/drupal

- https://github.com/Astrogeorgeonethree/Starred

- https://github.com/Astrogeorgeonethree/Starred2

- https://github.com/Atem1988/Starred

- https://github.com/Aukaii/notes

- https://github.com/Awrrays/FrameVul

- https://github.com/Azziz-77/R3_Reproducing

- https://github.com/BabulSecX/CRTP-

- https://github.com/BabulSecX/eJPT

- https://github.com/Beijaflore-Security-LAB/cveexposer

- https://github.com/BugBlocker/lotus-scripts

- https://github.com/CLincat/vulcat

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/ClumsyLulz/DScanner

- https://github.com/CrackerCat/myhktools

- https://github.com/CyAxe/lotus-scripts

- https://github.com/Cyberleet1337/Payloadswebhack

- https://github.com/CybermonkX/COMPREHENSIVE-CYBERSECURITY-ATTACK-AND-DEFENSE-SIMULATION

- https://github.com/Damian972/drupalgeddon-2

- https://github.com/Delishsploits/PayloadsAndMethodology

- https://github.com/Desm0ndChan/OSCP-cheatsheet

- https://github.com/Dowonkwon/drupal-cve-2018-7600-poc

- https://github.com/DynamicDesignz/Alien-Framework

- https://github.com/Dynamo7001/HammedO

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/FireFart/CVE-2018-7600

- https://github.com/GhostTroops/TOP

- https://github.com/GhostTroops/myhktools

- https://github.com/GuynnR/Payloads

- https://github.com/H1CH444MREB0RN/PenTest-free-tools

- https://github.com/HackersParadisee/eJPTv2-Cheatsheet

- https://github.com/HackersParadisee/eJPTv2-Notes

- https://github.com/Hestat/drupal-check

- https://github.com/HimmelAward/Goby_POC

- https://github.com/HugoAPortela/Criando-Agente-Deteccao-Vulnerabilidades-Arquiteturas

- https://github.com/ImranTheThirdEye/AD-Pentesting-Tools

- https://github.com/JERRY123S/all-poc

- https://github.com/JFR-C/Boot2root-CTFs-Writeups

- https://github.com/JFR-C/Windows-Penetration-Testing

- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups

- https://github.com/Jean-Francois-C/Windows-Penetration-Testing

- https://github.com/M-Abid34/CVE-2018-7600

- https://github.com/Maarckz/PayloadParaTudo

- https://github.com/Mehedi-Babu/pentest_tools_repo

- https://github.com/MelanyRoob/Goby

- https://github.com/Mr-Tree-S/POC_EXP

- https://github.com/MrPWH/Pentest-Tools

- https://github.com/MrR0b0t19/Easy-JPT

- https://github.com/MrR0b0t19/Easy-JTP

- https://github.com/Muhammd/Awesome-Payloads

- https://github.com/NAYLINNU/PayloadAllTheThings

- https://github.com/Nieuport/PayloadsAllTheThings

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PWN-Kingdom/Test_Tasks

- https://github.com/PaloAltoNetworks/research-notes

- https://github.com/Pav-ksd-pl/PayloadsAllTheThings

- https://github.com/Prodject/Kn0ck

- https://github.com/Project-WARMIND/Exploit-Modules

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/ROBOT-X-cyber/outils_audit_cms

- https://github.com/Ra7mo0on/PayloadsAllTheThings

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories

- https://github.com/S3cur3Th1sSh1t/Pentest-Tools

- https://github.com/SPuerBRead/kun

- https://github.com/SantoriuHen/NotesHck

- https://github.com/SaraArif6198/SQL-Injection-Report

- https://github.com/SecPentester/CVE-7600-2018

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Sh4dowX404Unknown/Drupalgeddon2

- https://github.com/SirElmard/ethical_hacking

- https://github.com/Soldie/PayloadsAllTheThings

- https://github.com/SyedGhufranRaza/CVE-2018-7600-Remote-Code-Execution

- https://github.com/Tealalal/Enterprise-Network-Architecture-and-Attack-and-Defense

- https://github.com/Threekiii/Awesome-Exploit

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/UltramanGaia/POC-EXP

- https://github.com/VishuGahlyan/OSCP

- https://github.com/Waseem27-art/ART-TOOLKIT

- https://github.com/Wh1teHatUn1c0rn/RedOps-Framework

- https://github.com/WingsSec/Meppo

- https://github.com/XPR1M3/Payloads_All_The_Things

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/YellowVeN0m/Pentesters-toolbox

- https://github.com/YgorAlberto/Ethical-Hacker

- https://github.com/YgorAlberto/ygoralberto.github.io

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ZTK-009/RedTeamer

- https://github.com/a2u/CVE-2018-7600

- https://github.com/alexfrancow/Exploits

- https://github.com/amitnandi04/Common-Vulnerability-Exposure-CVE-

- https://github.com/andrysec/PayloadsAllVulnerability

- https://github.com/anhtu97/PayloadAllEverything

- https://github.com/anldori/CVE-2018-7600

- https://github.com/anquanscan/sec-tools

- https://github.com/antonio-fr/DrupalRS

- https://github.com/apkadmin/PayLoadsAll

- https://github.com/aylincetin/PayloadsAllTheThings

- https://github.com/aymankhder/Windows-Penetration-Testing

- https://github.com/badigervijay/AI-Based-Threat-Intelligence-Platform

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/banomaly/CVE-2018-7600

- https://github.com/banomaly/ExploitDevJourney

- https://github.com/bigblackhat/oFx

- https://github.com/cc8700619/poc

- https://github.com/cfreal/ten

- https://github.com/chanchalpatra/payload

- https://github.com/chriskaliX/PHP-code-audit

- https://github.com/cjgratacos/drupalgeddon2-test

- https://github.com/cocomelonc/vulnexipy

- https://github.com/cved-sources/cve-2018-7600

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/cyberharsh/DrupalCVE-2018-7602

- https://github.com/dark-vex/CVE-PoC-collection

- https://github.com/daynis-olman/drupalgeddon-shell-exploit

- https://github.com/do0dl3/myhktools

- https://github.com/dr-iman/CVE-2018-7600-Drupal-0day-RCE

- https://github.com/dreadlocked/Drupalgeddon2

- https://github.com/drugeddon/drupal-exploit

- https://github.com/dwisiswant0/CVE-2018-7600

- https://github.com/edisonrivera/HackTheBox

- https://github.com/elinakrmova/RedTeam-Tools

- https://github.com/emtee40/win-pentest-tools

- https://github.com/emzkie2018/S4nji1-Drupalgeddon2

- https://github.com/enomothem/PenTestNote

- https://github.com/exfilt/CheatSheet

- https://github.com/falocab/PayloadsAllTheThings

- https://github.com/fazilbaig1/oscp

- https://github.com/fengjixuchui/RedTeamer

- https://github.com/firefart/CVE-2018-7600

- https://github.com/fyraiga/CVE-2018-7600-drupalgeddon2-scanner

- https://github.com/g0rx/CVE-2018-7600-Drupal-RCE

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/gameFace22/vulnmachine-walkthrough

- https://github.com/getanehAl/Windows-Penetration-Testing

- https://github.com/githubfoam/yara-sandbox

- https://github.com/gobysec/Goby

- https://github.com/hack-parthsharma/Pentest-Tools

- https://github.com/happynote3966/CVE-2018-7600

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/hellochunqiu/PayloadsAllTheThings

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/hktalent/myhktools

- https://github.com/huimzjty/vulwiki

- https://github.com/imoki/imoki-poc

- https://github.com/ipirva/NSX-T_IDS

- https://github.com/iqrok/myhktools

- https://github.com/jared1981/More-Pentest-Tools

- https://github.com/jbmihoub/all-poc

- https://github.com/jenriquezv/OSCP-Cheat-Sheets

- https://github.com/jirojo2/drupalgeddon2

- https://github.com/jitmondal1/OSCP

- https://github.com/jstang9527/gofor

- https://github.com/jyo-zi/CVE-2018-7600

- https://github.com/kato83/poc-vulnerability-advisor

- https://github.com/kdandy/pentest_tools

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups

- https://github.com/killeveee/CVE-2018-7600

- https://github.com/killvxk/Awesome-Exploit

- https://github.com/kk98kk0/Payloads

- https://github.com/knqyf263/CVE-2018-7600

- https://github.com/kodamap/epss_mcp

- https://github.com/koutto/jok3r-pocs

- https://github.com/ksw9722/PayloadsAllTheThings

- https://github.com/lanjelot/ctfs

- https://github.com/legionhunter/outils_audit_cms

- https://github.com/lnick2023/nicenice

- https://github.com/lorddemon/drupalgeddon2

- https://github.com/ludy-dev/drupal8-REST-RCE

- https://github.com/madneal/codeql-scanner

- https://github.com/markroxor/pentest-resources

- https://github.com/maya6/-scan-

- https://github.com/merlinepedra/Pentest-Tools

- https://github.com/merlinepedra25/Pentest-Tools

- https://github.com/merlinepedra25/Pentest-Tools-1

- https://github.com/mr-won/CVE-2018-7600.

- https://github.com/mr-won/Drupal_Remote_Code_Injection

- https://github.com/mrhacker51/ReverseShellCommands

- https://github.com/muhammedkayag/CVE-2018-7600

- https://github.com/murksombra/rmap

- https://github.com/n0-traces/cve_monitor

- https://github.com/ncinfinity69/asulo

- https://github.com/neoblackied/drupal1

- https://github.com/nevidimk0/PayloadsAllTheThings

- https://github.com/nika0x38/CVE-2018-7600

- https://github.com/nitishbadole/Pentest_Tools

- https://github.com/nixawk/labs

- https://github.com/nxme/php-uicode-issues-drupal

- https://github.com/oneplus-x/MS17-010

- https://github.com/oneplus-x/Sn1per

- https://github.com/openx-org/BLEN

- https://github.com/opflep/Drupalgeddon-Toolkit

- https://github.com/oscpname/OSCP_cheat

- https://github.com/osogi/NTO_2022

- https://github.com/ozkanbilge/Payloads

- https://github.com/parth45/cheatsheet

- https://github.com/password520/RedTeamer

- https://github.com/pathakabhi24/Pentest-Tools

- https://github.com/persian64/CVE-2018-7600

- https://github.com/pimps/CVE-2018-7600

- https://github.com/pjgmonteiro/Pentest-tools

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/qiantu88/test

- https://github.com/qiushan996/PentestWriteups

- https://github.com/r0lh/CVE-2018-7600

- https://github.com/r3dxpl0it/CVE-2018-7600

- https://github.com/rabbitmask/CVE-2018-7600-Drupal7

- https://github.com/rafaelcaria/drupalgeddon2-CVE-2018-7600

- https://github.com/rajaabdullahnasir/CVE-2018-7600-Remote-Code-Execution

- https://github.com/ranjan-prp/PayloadsAllTheThings

- https://github.com/raoufmaklouf/cve5scan

- https://github.com/raphaeltheban/Ethical-Hacker

- https://github.com/ravijainpro/payloads_xss

- https://github.com/raytran54/CVE-2018-7600

- https://github.com/resistezauxhackeurs/outils_audit_cms

- https://github.com/ret2x-tools/drupalgeddon2-rce

- https://github.com/retr0-13/Goby

- https://github.com/retr0-13/Pentest-Tools

- https://github.com/revanmalang/OSCP

- https://github.com/roguehedgehog/claire

- https://github.com/rusty-sec/lotus-scripts

- https://github.com/ruthvikvegunta/Drupalgeddon2

- https://github.com/samba234/Sniper

- https://github.com/severnake/Pentest-Tools

- https://github.com/sgniner/Pentest

- https://github.com/shellord/CVE-2018-7600-Drupal-RCE

- https://github.com/shellord/Drupalgeddon-Mass-Exploiter

- https://github.com/shhimnothere/payloadsallthethings

- https://github.com/sl4cky/CVE-2018-7600

- https://github.com/sl4cky/CVE-2018-7600-Masschecker

- https://github.com/sobinge/--1

- https://github.com/sobinge/PayloadsAllTheThings

- https://github.com/sobinge/PayloadsAllThesobinge

- https://github.com/soch4n/CVE-2018-7600

- https://github.com/stillHere3000/KnownMalware

- https://github.com/superfish9/pt

- https://github.com/t0m4too/t0m4to

- https://github.com/tea-celikik/Drupal-Exploit-Lab

- https://github.com/teamdArk5/Sword

- https://github.com/thehappydinoa/CVE-2018-7600

- https://github.com/theyoge/AD-Pentesting-Tools

- https://github.com/tomoyamachi/gocarts

- https://github.com/touchmycrazyredhat/myhktools

- https://github.com/tpdlshdmlrkfmcla/CVE-2018-7600.

- https://github.com/tpdlshdmlrkfmcla/Drupal_Remote_Code_Injection

- https://github.com/trhacknon/myhktools

- https://github.com/txuswashere/OSCP

- https://github.com/u53r55/darksplitz

- https://github.com/unusualwork/Sn1per

- https://github.com/user20252228/CVE-2018-7600.

- https://github.com/user20252228/Drupal_Remote_Code_Injection

- https://github.com/vphnguyen/ANM_CVE-2018-7600

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whirlpoolllll/ten

- https://github.com/winterwolf32/PayloadsAllTheThings

- https://github.com/xasyhack/oscp2025

- https://github.com/xasyhack/oscp_cheat_sheet_2025

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xhref/OSCP

- https://github.com/xonoxitron/INE-eJPT-Certification-Exam-Notes-Cheat-Sheet

- https://github.com/xxxTectationxxx/CVE-2018-7600

- https://github.com/yak0d3/dDumper

- https://github.com/yembors64632/cve_monitor_Public

- https://github.com/ynsmroztas/drupalhunter

- https://github.com/zeralot/Dectect-CVE

- https://github.com/zhzyker/CVE-2018-7600-Drupal-POC-EXP