CVE-2018-7600 Exploitation Attempt

Detects attempted remote code execution (RCE) against Drupal via Drupalgeddon (CVE-2018-7600).

Sigma rule

```yaml
title: CVE-2018-7600 Exploitation Attempt
id: d2b08fdf-11de-40f2-ba18-86095bad2432
status: experimental
description: Detecting the attempt of Remote Code Execution (RCE) in Drupal Drupalgeddon
references:
    - https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
author: Loginsoft Research Unit
date: 2020/08/18
logsource:
    product: drupal
    category: application
detection:
    selection_base:
      cs-method: 'POST'
      c-uri-query|contains:
        - '[#post_render][]'
        - '[#pre_render][]'
        - '[#access_callback][]'
        - '[#lazy_builder][]'
    selection_markup:
      c-uri-query|contains:
        - '[#markup]='
    condition: selection_base and selection_markup
falsepositives:
  - Unknown
level: critical
```
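
The rule's condition evaluated over constructed log events, as an added example that is not part of the original rule or its authors' code. It assumes events are dicts keyed by the rule's field names and that the log source may record the query string percent-encoded, in which case the literal `[#...]` substrings only match after decoding; all parameter names and values are placeholders.

```python
from urllib.parse import unquote

# Substrings copied from the rule's selection_base and selection_markup.
BASE_KEYS = ("[#post_render][]", "[#pre_render][]",
             "[#access_callback][]", "[#lazy_builder][]")
MARKUP_KEYS = ("[#markup]=",)

# Constructed sample events; parameter names and values are placeholders.
SAMPLE_EVENTS = [
    {"cs-method": "POST",   # literal brackets, as the rule expects
     "c-uri-query": "x[#post_render][]=PLACEHOLDER&x[#markup]=PLACEHOLDER"},
    {"cs-method": "POST",   # same shape, logged percent-encoded
     "c-uri-query": "x%5B%23lazy_builder%5D%5B%5D=PLACEHOLDER"
                    "&x%5B%23markup%5D=PLACEHOLDER"},
    {"cs-method": "GET",    # wrong method
     "c-uri-query": "x[#pre_render][]=PLACEHOLDER&x[#markup]=PLACEHOLDER"},
    {"cs-method": "POST",   # selection_base only, no [#markup]=
     "c-uri-query": "x[#access_callback][]=PLACEHOLDER"},
    {"cs-method": "POST",   # ordinary request
     "c-uri-query": "q=node/1&destination=front"},
]


def matches_rule(event, decode=True):
    """Evaluate `selection_base and selection_markup` on one event."""
    if event.get("cs-method", "").upper() != "POST":
        return False
    query = event.get("c-uri-query", "")
    if decode:
        query = unquote(query)      # %5B%23markup%5D -> [#markup]
    query = query.lower()           # Sigma string matching ignores case
    base = any(key in query for key in BASE_KEYS)
    markup = any(key in query for key in MARKUP_KEYS)
    return base and markup


def evaluate(events, decode=True):
    """Return one verdict per event, in order."""
    return [matches_rule(event, decode) for event in events]


if __name__ == "__main__":
    print("as logged:", evaluate(SAMPLE_EVENTS, decode=False))
    print("decoded:  ", evaluate(SAMPLE_EVENTS, decode=True))
```

If the percent-encoded event is only caught with decoding in your pipeline, normalize `c-uri-query` before the rule is applied.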
