Drupalgeddon2 | Drupal v7.x v8.x | Hacking library

by dreadlocked Ruby Version: Current License: No License

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | Drupalgeddon2 Summary

Drupalgeddon2 is a Ruby library typically used in Security, Hacking, Drupal applications. Drupalgeddon2 has no bugs, it has no vulnerabilities and it has low support. You can download it from GitHub.

The user/register method was chosen for Drupal v8.x, as it will return HTTP 200, and render the output in the data JSON response (un-comment the code for timezone/#lazy_builder method, which will return HTTP 500 & blind!) (More Information).

Support

Quality

Security

License

Reuse

Support

Drupalgeddon2 has a low active ecosystem.

It has 481 star(s) with 161 fork(s). There are 22 watchers for this library.

It had no major release in the last 6 months.

There are 4 open issues and 32 have been closed. On average issues are closed in 34 days. There are 1 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of Drupalgeddon2 is current.

Quality

Drupalgeddon2 has 0 bugs and 0 code smells.

Security

Drupalgeddon2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

Drupalgeddon2 code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

Drupalgeddon2 does not have a standard license declared.

Check the repository for any license declaration and review the terms closely.

Without a license, all rights are reserved, and you cannot use the library in your applications.

Reuse

Drupalgeddon2 releases are not available. You will need to build from source code and install.

Installation instructions are not available. Examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of Drupalgeddon2

Get all kandi verified functions for this library.

Drupalgeddon2 Key Features

No Key Features are available at this moment for Drupalgeddon2.

Drupalgeddon2 Examples and Code Snippets

No Code Snippets are available at this moment for Drupalgeddon2.

Community Discussions

Trending Discussions on Drupalgeddon2

Ubuntu random command eats up 100% cup usage

QUESTION

Ubuntu random command eats up 100% cup usage

Asked 2018-May-21 at 19:57

I have set up a ubuntu server in cloud. Recently I received an alert telling me that the CPU usage of my server is always 100%. I tried to investigate the incident but I have no clue what's going on. I am hoping some one can point me to the right direction based on what i have found.

Here is what I can find:

Random command: I run "htop" to inspect which process is consuming my cpu resource. I found that a random command (named "tbq", as you can see in the pic) by "root" continues consuming my cpu resource. I tried to kill it with "kill -9 pid", but it revives instantly with a different random command. I can only stop the process with "kill -STOP pid".
elf file: I then inspect the syslog of my server, i found that the following command keeps running by "cron":

CMD (cd /usr/share/nginx/html/drupal-dev/sites/default/files;./share)

I navigate to the directory, there are few strange files with random name but with same content. I open the file with "nano", the followings are the first few lines of the file:

...

ANSWER

Answered 2018-May-21 at 18:28

Using administrator account navigate to "Management Menu > Reports > Available Updates" or you could just go to www.yourwebsitename.com/admin/reports/updates using the address bar of your browser.

If you are using Drupal 7 your Drupal core version needs to be at least 7.58
If you are using Drupal 8 your Drupal core version needs to be at least 8.5.1

If you are using below these versions, you can be sure that your server was exploited using the Drupalgeddon2 exploit.

When I was in the same situation as you I just downloaded the database and the Drupal source code form the server, updated the Drupal core and uploaded the source code and database to another server.

This fixed my problem

Source https://stackoverflow.com/questions/50442799

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install Drupalgeddon2

You can download it from GitHub.
On a UNIX-like operating system, using your system’s package manager is easiest. However, the packaged Ruby version may not be the newest one. There is also an installer for Windows. Managers help you to switch between multiple Ruby versions on your system. Installers can be used to install a specific or multiple Ruby versions. Please refer ruby-lang.org for more information.

Support

Whenever getting a cannot load such file "LoadError" type of error, do run sudo gem install <missing dependency>. In particular, you may need to install the highline dependency with sudo gem install highline. The target may redirect to another path, where Drupal exists (such as HTTP 30x responses). There is a limitations of a allowed characters that are able to be used in the payload/command. If the target is Linux, and isn't using "GNU base64", it may be the BSD version (or its not installed all together!). If the target using Windows, writing the PHP shell always fails. Drupal v8.x - ./.htaccess will stop any PHP scripts from executing in ./sites/default/ if that is the writeable folder. Drupal v8.x - "clean URL" isn't enabled on the target. Drupal v7.x - If the /user/password form is disabled, you meed find another form (remember to change the exploit!).

Find more information at: