Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2014-3704

Published: 16/10/2014 Updated: 29/09/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 802
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Drupal

Vulnerability Summary

The expandArguments function in the database abstraction API in Drupal core 7.x prior to 7.32 does not properly construct prepared statements, which allows remote malicious users to conduct SQL injection attacks via an array containing crafted keys.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

drupal drupal

debian debian linux 7.0

Vendor Advisories

Debian CVElist Bug Report Logs: [drupal7] CVE-2014-3704 - Drupal - pre Auth SQL Injection Vulnerability
Debian Bug report logs - #765507 [drupal7] CVE-2014-3704 - Drupal - pre Auth SQL Injection Vulnerability Package: drupal7; Maintainer for drupal7 is Gunnar Wolf <gwolf@debianorg>; Source for drupal7 is src:drupal7 (PTS, buildd, popcon) Reported by: Ingo Juergensmann <ij@2013bluespiceorg> Date: Wed, 15 Oct 2014 17: ...
Debian Security Advisories: DSA-3051-1 drupal7 -- security update
Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection For the stable distribution (wheezy), this problem has been fixed in version 714-2+deb7u7 For the unstable distribution (sid), this problem has been fixed in version 732-1 We recommend that you upgrade your drupal7 packages ...

Exploits

Exploit DB: Drupal 7.X SQL Injection
Drupal versions 70 through 731 suffer from a remote SQL injection vulnerability ...
Exploit DB: Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Remote Code Execution)
&lt;?php // _____ __ __ _ _______ // / ___/___ / /__/ /_(_)___ ____ / ____(_)___ _____ // \__ \/ _ \/ //_/ __/ / __ \/ __ \/ __/ / / __ \/ ___/ // ___/ / __/ ,&lt; / /_/ / /_/ / / / / /___/ / / / (__ ) // /____/\___/_/|_|\__/_/\____/_/ /_/_____/_/_/ /_/____/ // Poc for Drupal Pre Auth SQL Injection - (c) 2014 Sekti ...
Exploit DB: Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (1)
# Drupal 7x SQL Injection SA-CORE-2014-005 wwwdrupalorg/SA-CORE-2014-005 # Creditz to wwwredditcom/user/fyukyuk # EDB Note ~ Updated version: githubcom/kenorb/drupageddon/blob/master/drupal_7x_sql_injection_sa-core-2014-005py import urllib2,sys from drupalpass import DrupalHash # githubcom/cvangysel/gitexd- ...
Exploit DB: Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)
#!/usr/bin/python # # # Drupal 7x SQL Injection SA-CORE-2014-005 wwwdrupalorg/SA-CORE-2014-005 # Inspired by yukyuk's PoC (wwwredditcom/user/fyukyuk) # # Tested on Drupal 731 with BackBox 3x # # This material is intended for educational # purposes only and the author can not be held liable for # any kind of damages done ...
Exploit DB: Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (2)
&lt;?php #-----------------------------------------------------------------------------# # Exploit Title: Drupal core 7x - SQL Injection # # Date: Oct 16 2014 # # Exploit Author: Dustin Dörr # # Software Link: htt ...

Nmap Scripts

http-vuln-cve2014-3704

Exploits CVE-2014-3704 also known as 'Drupageddon' in Drupal. Versions < 7.32 of Drupal core are known to be affected.

nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.cmd="uname -a",http-vuln-cve2014-3704.uri="/drupal" <target>
nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.uri="/drupal",http-vuln-cve2014-3704.cleanup=false <target>

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-vuln-cve2014-3704:
|   VULNERABLE:
|   Drupal - pre Auth SQL Injection Vulnerability
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2014-3704
|       The expandArguments function in the database abstraction API in
|       Drupal core 7.x before 7.32 does not properly construct prepared
|       statements, which allows remote attackers to conduct SQL injection
|       attacks via an array containing crafted keys.
|
|     Disclosure date: 2014-10-15
|     Exploit results:
|       Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
|     References:
|       https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
|       https://www.drupal.org/SA-CORE-2014-005
|       http://www.securityfocus.com/bid/70595
|_      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3704
http-vuln-cve2014-3704

Exploits CVE-2014-3704 also known as 'Drupageddon' in Drupal. Versions < 7.32 of Drupal core are known to be affected.

nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.cmd="uname -a",http-vuln-cve2014-3704.uri="/drupal" <target>
nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.uri="/drupal",http-vuln-cve2014-3704.cleanup=false <target>

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-vuln-cve2014-3704:
|   VULNERABLE:
|   Drupal - pre Auth SQL Injection Vulnerability
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2014-3704
|       The expandArguments function in the database abstraction API in
|       Drupal core 7.x before 7.32 does not properly construct prepared
|       statements, which allows remote attackers to conduct SQL injection
|       attacks via an array containing crafted keys.
|
|     Disclosure date: 2014-10-15
|     Exploit results:
|       Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
|     References:
|       https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
|       https://www.drupal.org/SA-CORE-2014-005
|       http://www.securityfocus.com/bid/70595
|_      https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3704

Github Repositories

https://github.com/smartFlash/pySecurity

Python tutorials

python系列教程(翻译) ~# python &gt;&gt;&gt; import urllib &gt;&gt;&gt; from bs4 import BeautifulSoup &gt;&gt;&gt; url = urlliburlopen("wwwprimalsecuritynet") &gt;&gt;&gt; output = BeautifulSoup(urlread(), 'lxml') &gt;&gt;&gt; outputtitle &lt;title&gt;Primal Security Podcast

https://github.com/ipirva/NSX-T_IDS

NSX-T IDS with Network Container Plugin The repository contains the Kubernetes manifests for the deployment of an old Drupal (70), PHP (56), MySQL (50) setup Drupal 70 container image is built from the provided Dockerfile There are some CVEs that will trigger alarms on the IDS: MySQL DELETE tbl_name heap buffer overflow (CVE-2012-5612) Drupal 7 Preauth SQL Injection (CVE

https://github.com/CCrashBandicot/helpful

CVE & others

██╗ ██╗███████╗██╗ ██████╗ ███████╗██╗ ██╗██╗ ██║ ██║██╔════╝██║ ██╔══██╗██╔════╝██║ ██║██║ ███████║█████╗ ██║ ██████╔╝████

https://github.com/BCyberSavvy/Python

##python系列教程(翻译) ~# python &gt;&gt;&gt; import urllib &gt;&gt;&gt; from bs4 import BeautifulSoup &gt;&gt;&gt; url = urlliburlopen("wwwprimalsecuritynet") &gt;&gt;&gt; output = BeautifulSoup(urlread(), 'lxml') &gt;&gt;&gt; outputtitle &lt;title&gt;Primal Security Podca

https://github.com/CyberSavvy/python-pySecurity

##python系列教程(翻译) ~# python &gt;&gt;&gt; import urllib &gt;&gt;&gt; from bs4 import BeautifulSoup &gt;&gt;&gt; url = urlliburlopen("wwwprimalsecuritynet") &gt;&gt;&gt; output = BeautifulSoup(urlread(), 'lxml') &gt;&gt;&gt; outputtitle &lt;title&gt;Primal Security Podca

Recent Articles

DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
The Register • Darren Pauli • 30 Oct 2014

SQLi hole was hit hard, fast, and before most admins knew it needed patching

Drupal websites that had not patched seven hours after the disclosure on a "highly critical" SQL injection (SQLi) hole disclosed on 15 October are essentially hosed, the content management tool's developers say. Attacks against the vulnerability (CVE-2014-3704) in version seven of the content management system began "hours" after announcement detailing how the easily exploitable bug granted full control including the execution of malicious code to attackers. Flaw disclosers SektionEins described...

Read more...
Drupal SQL injection nasty leaves sites 'wide open' to attack
The Register • John Leyden • 16 Oct 2014

Usual drill - install the patch tout de suite

A newly patched SQL injection flaw in Drupal leaves sites that rely on the widely used web development platform wide open to attack. Admins of sites that run Drupal 7 should upgrade to 7.32 to guard against possible attack. Patching needs to take place sooner rather than later because the easy-to-exploit vulnerability hands over total control – including the ability to load malicious code - to attackers running attacks against vulnerable websites. The CVE-2014-3704 vulnerability in Drupal 7 ha...

Read more...

References

CWE-89http://www.openwall.com/lists/oss-security/2014/10/15/23https://www.drupal.org/SA-CORE-2014-005https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.htmlhttp://www.debian.org/security/2014/dsa-3051http://secunia.com/advisories/59972http://www.exploit-db.com/exploits/34993http://packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.htmlhttp://packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.htmlhttp://www.securityfocus.com/bid/70595http://seclists.org/fulldisclosure/2014/Oct/75http://packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.htmlhttps://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.htmlhttp://osvdb.org/show/osvdb/113371http://www.exploit-db.com/exploits/34984http://www.exploit-db.com/exploits/34992http://www.exploit-db.com/exploits/35150http://www.securityfocus.com/archive/1/533706/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765507https://nvd.nist.govhttps://github.com/smartFlash/pySecurityhttps://www.exploit-db.com/exploits/35150/https://www.debian.org/security/./dsa-3051
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook