CVE-2019-6340 PoC — Drupal core - Highly critical - Remote Code Execution

Source

https://github.com/josehelps/cve-2019-6340-bits

Associated Vulnerability

Title:Drupal core - Highly critical - Remote Code Execution (CVE-2019-6340)
Description:Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)

Description

Bits generated while analyzing CVE-2019-6340 Drupal RESTful RCE

Readme

# cve-2019-6340-bits
Bits generated while analyzing CVE-2019-6340 Drupal RESTful RCE

* [modsec rule](modsec.rule)
* [pcap](CVE-2019-6340.pcap)
* [example nginx config](drupal_nginx.conf)
* [example logs](logs)
* [example playbook](playbook)

File Snapshot


 [4.0K]  /data/pocs/6bbbc20bd9d19fa155986b64c6629a99c9d866cf
├── [ 41K]  CVE-2019-6340.pcap
├── [ 850]  drupal_nginx.conf
├── [ 11K]  LICENSE
├── [4.0K]  logs
│   ├── [240K]  modsec_events_3_0.raw
│   └── [188K]  stream_web_events_5_3.raw
├── [ 852]  modsec.rule
├── [4.0K]  playbook
│   ├── [116K]  2019-6340-Example-Playbook.json
│   └── [7.4K]  2019-6340-Example-Playbook.py
└── [ 242]  README.md

2 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!