Drupal Exploits – script to detect versions


We are currently seeing a high volume of Drupal exploits running a lot of arbitrary code, including crypto mining, attacking other servers and similar due to this exploit  https://www.drupal.org/sa-core-2018-002

 

If you want to find out if you have any vulnerable Drupal installs quickly and easily i wrote a shell script for that . Just run the following from console

wget --no-check-certificate http://blog.rimuhosting.com/files/drupaldetect.sh

bash drupaldetect.sh

 

It will output something like this ..

root@servername:~# bash drupaldetct.sh  
You have version 7.58  located at /var/www/vsc/  
You have version 7.58  located at /var/www/vsfrts/  
You have version 7.23  located at /var/www/corehtapts/  
Looks like Drupal at /var/www/mgvec/ , but can't tell the version 
You have version 7.50  located at /var/www/courtland/drupal/  
You have version 7.0  located at /var/www/richvvrve/drupal/  
You have version 7.58  located at /var/www/mrvegc2/  
You have version 7.32  located at /var/www/ridvervee/drupal/ 

Any version prior to 7.58 is exploitable, and its safe to assume you should replace ALL the files as per https://www.drupal.org/docs/develop/security/your-drupal-site-got-hacked-now-what