mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-03 17:23:30 +08:00
44 lines
1.6 KiB
YAML
44 lines
1.6 KiB
YAML
id: drupal7-elfinder-rce
|
|
|
|
info:
|
|
name: Drupal 7 Elfinder - Remote Code Execution
|
|
author: 1337kro
|
|
severity: critical
|
|
description: |
|
|
Identifies Drupal sites with the elfinder library installed, which could be vulnerable to unrestricted file upload through the connector.php file.When this component is detected, the site may be vulnerable to remote code execution attacks via PHP file uploads.This template only detects the presence of the vulnerable component and does not perform any exploitation.
|
|
reference:
|
|
- https://github.com/Kro0oz/drupal-7-elfinder
|
|
remediation: |
|
|
Remove the elfinder library if not needed, or implement proper file upload restrictions and input validation. Additionally, consider implementing Web Application Firewall rules to block access to the connector.php file.
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cwe-id: CWE-434
|
|
metadata:
|
|
verified: true
|
|
fofa-query: app="drupal"
|
|
product: Drupal
|
|
vendor: Drupal
|
|
tags: drupal,elfinder,filemanager,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/sites/all/libraries/elfinder/connectors/php/connector.php"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '{"cwd":'
|
|
|
|
- type: word
|
|
part: content_type
|
|
words:
|
|
- 'application/json'
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100b37d98c5276413f62b1fbef683732a44c8d438cba5e4db0ea593f0e74728d6c3022079e7bd1997bb8d771d8d56395f15cee885cdcd149367f00ec93f33ded6ee426b:922c64590222798bb761d5b6d8e72950 |