mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 19:17:37 +02:00
CVE-2014-3704
Description
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
POC
Reference
- http://packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.html
- http://packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.html
- http://packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Oct/75
- http://www.exploit-db.com/exploits/34984
- http://www.exploit-db.com/exploits/34993
- http://www.exploit-db.com/exploits/35150
- http://www.openwall.com/lists/oss-security/2014/10/15/23
- https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
- https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html
Github
- https://github.com/0ps/pocassistdb
- https://github.com/1120362990/vulnerability-list
- https://github.com/20142995/pocsuite3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AleDiBen/Drupalgeddon
- https://github.com/BCyberSavvy/Python
- https://github.com/CCrashBandicot/helpful
- https://github.com/CLincat/vulcat
- https://github.com/CyberSavvy/python-pySecurity
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/HimmelAward/Goby_POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Z0fhack/Goby_POC
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/enomothem/PenTestNote
- https://github.com/happynote3966/CVE-2014-3704
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/ipirva/NSX-T_IDS
- https://github.com/jweny/pocassistdb
- https://github.com/kalivim/pySecurity
- https://github.com/koutto/jok3r-pocs
- https://github.com/maya6/-scan-
- https://github.com/moradotai/CMS-Scan
- https://github.com/smartFlash/pySecurity
- https://github.com/superfish9/pt
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/t0m4too/t0m4to
- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
- https://github.com/xinyisleep/pocscan