Drupal 8.6.9 RCE Exploiting with Python (CVE-2019-6340/SA-CORE-2019-003)
iSpeech.org
Today, Ronald Eddings from SecDevOps.ai joins me to demonstrate a recently reported highly critical vulnerability on Drupal 8. On February 20, 2019 the REST web services in Drupal 8.6.9 were reported as vulnerable to remote code execution via shell injection done through deserialized data passed to the REST API. We demonstrate how the vulnerability works.
https://www.ambionics.io/blog/drupal8-rce
https://www.drupal.org/sa-core-2019-003
https://www.drupal.org/project/drupal/releases/8.6.9
https://github.com/g0rx/Drupal-SA-CORE-2019-003/blob/master/cve-2019-6340.py
https://github.com/DevDungeon/CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass
source
0 Responses to Drupal 8.6.9 RCE Exploiting with Python (CVE-2019-6340/SA-CORE-2019-003)