<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
* **Node**: Drupal **indexes its content using nodes**. A node can **hold anything** such as a blog post, poll, article, etc. The page URIs are usually of the form `/node/<nodeid>`.
###### Drupalgeddon
Drupalgeddon is the name given to a critical vulnerability that affected Drupal versions 7.x and 8.x. This vulnerability allowed remote attackers to execute arbitrary code on the affected Drupal installations. The vulnerability was caused by a lack of input sanitization in the Drupal core, specifically in the Drupalgeddon2 module.
To exploit this vulnerability, an attacker could send a specially crafted request to the target Drupal site, which would allow them to execute arbitrary code with the privileges of the web server. This could lead to a complete compromise of the affected Drupal installation.
###### Drupalgeddon2
Drupalgeddon2 is the name given to a second critical vulnerability that affected Drupal versions 7.x and 8.x. This vulnerability was similar to the original Drupalgeddon vulnerability, but with some differences in the exploitation technique.
To exploit Drupalgeddon2, an attacker could send a specially crafted request to the target Drupal site, which would allow them to execute arbitrary code with the privileges of the web server. This vulnerability was patched by the Drupal security team, but it is still important to ensure that your Drupal installation is up to date to protect against potential attacks.
###### Drupalgeddon3
Drupalgeddon3 is the name given to a third critical vulnerability that affected Drupal versions 7.x and 8.x. This vulnerability was similar to the previous Drupalgeddon vulnerabilities, but with some differences in the exploitation technique.
To exploit Drupalgeddon3, an attacker could send a specially crafted request to the target Drupal site, which would allow them to execute arbitrary code with the privileges of the web server. This vulnerability was also patched by the Drupal security team, but it is crucial to keep your Drupal installation updated to prevent any potential attacks.
###### Drupalgeddon4
Drupalgeddon4 is the name given to a fourth critical vulnerability that affected Drupal versions 7.x and 8.x. This vulnerability was similar to the previous Drupalgeddon vulnerabilities, but with some differences in the exploitation technique.
To exploit Drupalgeddon4, an attacker could send a specially crafted request to the target Drupal site, which would allow them to execute arbitrary code with the privileges of the web server. This vulnerability was also patched by the Drupal security team, but it is essential to regularly update your Drupal installation to mitigate any potential risks.
###### Drupalgeddon5
Drupalgeddon5 is the name given to a fifth critical vulnerability that affected Drupal versions 7.x and 8.x. This vulnerability was similar to the previous Drupalgeddon vulnerabilities, but with some differences in the exploitation technique.
To exploit Drupalgeddon5, an attacker could send a specially crafted request to the target Drupal site, which would allow them to execute arbitrary code with the privileges of the web server. This vulnerability was also patched by the Drupal security team, but it is important to stay vigilant and keep your Drupal installation updated to protect against any potential threats.
In older versions of Drupal **(before version 8)**, it was possible to log in as an admin and **enable the `PHP filter` module**, which "Allows embedded PHP code/snippets to be evaluated."
The **PHP plugin must be installed**. Check by requesting _/modules/php_: if it returns a **403**, the plugin **exists**; if it returns **not found**, the **PHP plugin isn't installed**.
Then click on _Add content_ -> Select _Basic Page_ or _Article_ -> Write _php shellcode on the body_ -> Select _PHP code_ in _Text format_ -> Select _Preview_
**8.x-1.1** [**PHP Filter**](https://www.drupal.org/project/php/releases/8.x-1.1) **module is not installed by default**. To leverage this functionality, we would have to **install the module ourselves**.
4. Once the module is installed, we can click on **`Content`** and **create a new basic page**, similar to how we did in the Drupal 7 example. Again, be sure to **select `PHP code` from the `Text format` dropdown**.
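From the defender's side, the condition this procedure depends on (PHP Filter enabled and a role allowed to use the `PHP code` text format) can be checked in a Drupal 8 configuration export. The following is an added example, not code from the original page; the file names `core.extension.yml`, `filter.format.php_code.yml` and `user.role.*.yml` and the permission string `use text format php_code` are assumptions about a standard export layout, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

def module_enabled(core_extension_text, name):
    """True if `name` is a key under the top-level `module:` mapping."""
    section = None
    for line in core_extension_text.splitlines():
        if line and not line[0].isspace():
            section = line.rstrip(":").strip()      # entering a new top-level key
        elif section == "module" and re.match(rf"\s+{re.escape(name)}:\s*-?\d+\s*$", line):
            return True
    return False

def roles_with_permission(sync_dir, permission):
    """Role ids whose exported config lists `permission`."""
    hits = []
    for path in sorted(Path(sync_dir).glob("user.role.*.yml")):
        granted = re.findall(r"^[ \t]+-[ \t]+'?([^'\n]+?)'?[ \t]*$", path.read_text(), re.M)
        if permission in granted:
            hits.append(path.name[len("user.role."):-len(".yml")])
    return hits

def audit_php_filter(sync_dir):
    """Report whether embedded PHP evaluation is reachable through site configuration."""
    root = Path(sync_dir)
    return {
        "php_module_enabled": module_enabled((root / "core.extension.yml").read_text(), "php"),
        "php_format_present": (root / "filter.format.php_code.yml").exists(),
        "roles_can_use_php": roles_with_permission(root, "use text format php_code"),
    }

def build_sample(root):
    """Constructed config export for the demo; not taken from a real site."""
    (root / "core.extension.yml").write_text("module:\n  node: 0\n  php: 0\ntheme:\n  bartik: 0\n")
    (root / "filter.format.php_code.yml").write_text("format: php_code\nstatus: true\n")
    (root / "user.role.editor.yml").write_text(
        "id: editor\npermissions:\n  - 'access content'\n  - 'use text format php_code'\n")
    (root / "user.role.anonymous.yml").write_text("id: anonymous\npermissions:\n  - 'access content'\n")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_php_filter(build_sample(Path(tmp)))

if __name__ == "__main__":
    print(demo())
```

Any non-empty `roles_can_use_php` list means holders of that role can have PHP evaluated by the site, so the finding should be treated as equivalent to code-execution rights.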
### Backdoored Module
A backdoored module can be created by **adding a shell to an existing module**. Modules can be found on the drupal.org website. Let's pick a module such as [CAPTCHA](https://www.drupal.org/project/captcha). Scroll down and copy the link for the tar.gz [archive](https://ftp.drupal.org/files/projects/captcha-8.x-1.2.tar.gz).
* **The configuration above will apply rules for the / folder when we request a file in /modules. Copy both of these files to the captcha folder and create an archive.**
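A module archive altered this way differs from the upstream release only by the files added to it, so comparing per-file hashes against the official tarball exposes it before installation. The following is an added example, not code from the original page; the archive contents are small constructed stand-ins, and `shell.php` is a hypothetical file name for the injected file.

```python
import hashlib
import io
import tarfile

def make_tgz(files):
    """Build an in-memory .tar.gz from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def manifest(tgz_bytes):
    """Map each regular file in the archive to its SHA-256, without extracting to disk."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                out[member.name] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return out

def audit_module(upstream_tgz, candidate_tgz):
    """Diff a candidate module archive against the upstream release."""
    good, cand = manifest(upstream_tgz), manifest(candidate_tgz)
    added = sorted(set(cand) - set(good))
    modified = sorted(p for p in cand.keys() & good.keys() if cand[p] != good[p])
    # Added PHP files or per-directory Apache config inside a module match the pattern described above.
    high_risk = [p for p in added if p.lower().endswith((".php", ".htaccess"))]
    return {"added": added, "modified": modified, "high_risk": high_risk}

# Constructed sample: a tiny stand-in for the upstream release and a tampered copy.
UPSTREAM = {
    "captcha/captcha.info.yml": b"name: CAPTCHA\ntype: module\n",
    "captcha/captcha.module": b"<?php\n// module hooks\n",
}
TAMPERED = dict(UPSTREAM)
TAMPERED["captcha/shell.php"] = b"<?php /* placeholder for an injected file */\n"
TAMPERED["captcha/.htaccess"] = b"# placeholder for injected rewrite rules\n"

if __name__ == "__main__":
    print(audit_module(make_tgz(UPSTREAM), make_tgz(TAMPERED)))
```

The same manifest comparison works on an already-installed module directory if the hashes are computed from files on disk instead of archive members.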