Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not working for one of my D7 site #1

Open
dbjpanda opened this issue Apr 18, 2018 · 2 comments
Open

Not working for one of my D7 site #1

dbjpanda opened this issue Apr 18, 2018 · 2 comments

Comments

@dbjpanda
Copy link

dbjpanda commented Apr 18, 2018
edited
Loading

I can successfully exploited my D8 site. But not working for D7 site. When I go the URl IP/file/ajax/name/%23value?action I get the output something like below
[{"command":"settings","settings":{"basePath":"\/","pathPrefix":"","ajaxPageState":{"theme":"connecting_up","theme_token":"2WrVPjfuiWL1egTHm--J-1Nx0f3Ps6F9z_zxJZ3q790"},"cufonSelectors":[]},"merge":true},{"command":"insert","method":"replaceWith","selector":null,"data":"\u003Cdiv class=\u0022messages error\u0022\u003E\n\u003Ch2 class=\u0022element-invisible\u0022\u003EError message\u003C\/h2\u003E\nAn unrecoverable error occurred. The uploaded file likely exceeded the maximum file size (8 MB) that this server supports.\u003C\/div\u003E\n","settings":null}]

But when I am trying to run your script it says Not vulnerable.
@jedthe3rd
Copy link

@dbjpanda Did you fix this problem? I am getting the same for my 8.5.0 site.

@antonio-fr
Copy link
Owner

I made some improvement on detection. I will change the message for a less affirmatively one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@antonio-fr @jedthe3rd @dbjpanda