drupal-install: Drupal Install - 漏洞情报订阅

漏洞描述

Drupal Install panel exposed.

PoC代码[已公开]

id: drupal-install

info:
  name: Drupal Install
  author: NkxxkN
  severity: high
  description: Drupal Install panel exposed.
  metadata:
    max-request: 2
    shodan-query:
      - http.component:"drupal"
      - cpe:"cpe:2.3:a:drupal:drupal"
    product: drupal
    vendor: drupal
  tags: misconfig,drupal,install,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/install.php?profile=default"
      - "{{BaseURL}}/core/install.php"

    stop-at-first-match: true
    host-redirects: true
    max-redirects: 1
    matchers:
      - type: word
        words:
          - "<title>Choose language | Drupal</title>"
# digest: 4a0a00473045022100889c6dfc64e7e47e42139a9d50076d32999c5c989f3df786add9a6683c479cd102203dd93171bd33530cc57d2be0c4303fce55d2f4a1640873a5a983472d53085836:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/installer/drupal-install.yaml