CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-23 23:14:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ae7c8ffaeab2dbdfe8daabfe5c8c852b33cc867f
CVEs-PoC/2014/CVE-2014-3704.md
T
0xMarcio d4008b737b Update CVE sources 2024-08-15 18:54
2024-08-15 18:54:34 +00:00

61 lines
2.8 KiB
Markdown
Raw Blame History

### [CVE-2014-3704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
### POC
#### Reference
- http://packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.html
- http://packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.html
- http://packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Oct/75
- http://www.exploit-db.com/exploits/34984
- http://www.exploit-db.com/exploits/34993
- http://www.exploit-db.com/exploits/35150
- http://www.openwall.com/lists/oss-security/2014/10/15/23
- https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
- https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html
#### Github
- https://github.com/0ps/pocassistdb
- https://github.com/1120362990/vulnerability-list
- https://github.com/20142995/pocsuite3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AleDiBen/Drupalgeddon
- https://github.com/BCyberSavvy/Python
- https://github.com/CCrashBandicot/helpful
- https://github.com/CLincat/vulcat
- https://github.com/CyberSavvy/python-pySecurity
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/HimmelAward/Goby_POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Z0fhack/Goby_POC
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/catsploit/catsploit
- https://github.com/enomothem/PenTestNote
- https://github.com/happynote3966/CVE-2014-3704
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/ipirva/NSX-T_IDS
- https://github.com/jweny/pocassistdb
- https://github.com/kalivim/pySecurity
- https://github.com/koutto/jok3r-pocs
- https://github.com/maya6/-scan-
- https://github.com/moradotai/CMS-Scan
- https://github.com/q99266/saury-vulnhub
- https://github.com/smartFlash/pySecurity
- https://github.com/superfish9/pt
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/t0ffe/CybSec_Course_Project_II
- https://github.com/t0m4too/t0m4to
- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
- https://github.com/xinyisleep/pocscan
Reference in New Issue View Git Blame Copy Permalink