Home / os / winmobile

Drupal RESTful Web Services unserialize() Remote Code Execution

Posted on 06 March 2019

This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once.

 

TOP

Malware :

Exploits :