Skip to content

Discovery & Enum

  • php and mysql/postgresql/sqlite
  • themes and modules like wp

Discovery

  • look for the meta tag
    • curl -s http://drupal.inlanefreight.local | grep Drupal
  • id drupal using nodes
    • Drupal indexes its content using nodes. A node can hold anything such as a blog post, poll, article, etc. The page URIs are usually of the formĀ /node/<nodeid>.
  • Note: Not every Drupal installation will look the same or display the login page or even allow users to access the login page from the internet.
  • Drupal supports three types of users by default:
    1. Administrator: This user has complete control over the Drupal website.
    2. Authenticated User: These users can log in to the website and perform operations such as adding and editing articles based on their permissions.
    3. Anonymous: All website visitors are designated as anonymous. By default, these users are only allowed to read posts.

Enum

  • curl -s http://drupal-acc.inlanefreight.local/CHANGELOG.txt | grep -m2 ""
    • get the version of drupal
  • new drupal versions block access to Changelog.txt and Readme.txt files. we may get 404.

Droopescan

  • droopescan scan drupal -u http://drupal.inlanefreight.local
  • https://www.cvedetails.com/vulnerability-list/vendor_id-1367/product_id-2387/Drupal-Drupal.html