Hacking Drupal Website - Drupalgeddon CVE-2014-3704. Scan and Exploit Using Nmap & Metasploit RCE

CVE-2014-3704, also known as Drupalgeddon, is a critical SQL injection vulnerability in Drupal 7 that allowed unauthenticated attackers to execute arbitrary SQL commands and potentially gain full control of affected websites. It affected all V7 versions of Drupal prior to 7.32 and had a CVSS of 10. A copy of the Nmap command I ran in this video is below; nmap --script http-vuln-cve2014-3704 --script-args http-vuln-cve2014-3704.cmd="uname -a",http-vuln-cve2014-3704.uri="/drupal/" 172.16.1.59 #hacking #drupalgeddon #sql injection #sqli