First of all, you need to install AppServ, if you are a windows user, you can download AppServ.
After downloading Appserv, now you need to download this php script. Download.
Now After Installing Appserv and download the drupal mass exploiter script, now go to c:\appserv\www\ and copy the php script here ( you can create a new folder in the www folder )
Like you see here i created a folder called exploits then a folder called drupal and i pasted the php script there.
Now how can you open this php script ?
Go to your web browser ( i use chrome ) then write " localhost/[path]/[name].php "
Sure replace path by the folder name ( for me it's "/exploits/drupal/" ) and [name] by the file name ( for me it's drupal.php )
then put your drupal targets on the text area and click EXPLOIT ! then you will see the result if there is a green result, that's mean that the website is vulnerable like here :
now you can login as admin, and upload your php shell !
like you see the vulnerability is sql injection used to inject the login input with a mysql query in order to change the admin password.
how can i get drupal websites ?
if you use google dorks, you can use this dork :
inurl:/user/login
Or, if use the server targeting, you can use this Python tools which developed by our team, Sure i want to thanks Matrix Coder For his good work for helping me.
You need just to create a new text file called ips.txt and put the servers ip address on it.
Thank you very much for reading my article i hope i liked it :-)
EmoticonEmoticon