
Commit

Merge pull request #902 from nowak0x01/patch-2
Added a technique that allows obtaining RCE through XSS in Drupal CMS.
carlospolop authored Aug 12, 2024
2 parents 495183a + b4f44b8 commit 695adbd
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions network-services-pentesting/pentesting-web/drupal/README.md
Expand Up @@ -112,6 +112,11 @@ If you have access to the Drupal web console check these options to get RCE:
[drupal-rce.md](drupal-rce.md)
{% endcontent-ref %}

## Drupal From XSS to RCE
Through this technique, it is possible to achieve **Remote Code Execution (RCE)** in Drupal via **Cross-Site Scripting (XSS)**. https://github.com/nowak0x01/Drupalwned
<br><br>
**For more detailed steps check:** https://nowak0x01.github.io/papers/76bc0832a8f682a7e0ed921627f85d1d.html

## Post Exploitation

### Read settings.php
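Review bot: The new "Drupal From XSS to RCE" section says only that RCE is possible via XSS and leaves everything else to two external links, so the README entry carries no information if either link goes away. Please add a sentence or two under the heading summarising what the technique depends on (for example, which role the victim session needs), in the same way the neighbouring sections describe their preconditions. On formatting: the first URL is appended bare to the end of the sentence, and the second sits after "**For more detailed steps check:**" as plain text; both would read better as Markdown links with descriptive text. The `<br><br>` line is raw HTML used for spacing and can be replaced with a blank line, and a blank line after the `## Drupal From XSS to RCE` heading would match the `## Post Exploitation` heading that follows.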
