Drupal 7.x Module Services – Remote Code Execution

The Drupal 7.x Services module makes insecure use of unserialize(). Exploitation of the vulnerability allowed for privilege escalation, SQL injection and, finally, remote code execution. (https://www.ambionics.io/blog/drupal-services-module-rce)

We will use Exploit-DB code to exploit this vulnerability. (https://www.exploit-db.com/exploits/41564)

Exploit

1. Determine the version of Drupal. For this we can access CHANGELOG.txt from the browser; this is a Drupal …