..
For this vulnerability we have to access the Drupal web inside this server
and to exploit this there is a hint already given for the vulnerability CVE-2014-3704
Or we can also check the exact version installed on the server by checking /CHANGELOG.txt
The Drupal version is 7.31 installed.
For this I found a public exploit which is SQLi written in PHP
https://www.exploit-db.com/exploits/34993/
Just change the URL and run the exploit
Exploit successful, now we can login in drupal with admin:admin
Got the admin access.
Twitter / Hack The Box / CTF Team / Teck_N00bs Community Telegram
Comments