CVE-2019-6340

This repository contains a functional exploit for CVE-2019-6340, a remote code execution vulnerability in Drupal 8's REST API. The exploit leverages deserialization to execute arbitrary commands on the target system.

This repository contains a working proof-of-concept exploit for CVE-2019-6340, a deserialization vulnerability in Drupal 8. The exploit leverages a crafted payload to achieve remote code execution (RCE) via the GuzzleHttp library.

This is a functional exploit for CVE-2019-6340, targeting Drupal 8's REST services to achieve unauthenticated remote code execution via deserialization gadgets in the Guzzle HTTP client library. The PoC automates node discovery, vulnerability checking, and command execution.

This PoC exploits a deserialization vulnerability in Drupal (CVE-2019-6340) to achieve remote code execution by crafting a malicious JSON payload with a GuzzleHttp object. The exploit leverages the REST API to trigger the payload, executing arbitrary PHP functions.

This PoC exploits CVE-2018-7600 in Drupal 8 via REST API endpoints to achieve remote code execution (RCE). It sends crafted payloads to '/node/1' and '/user/register' endpoints to trigger deserialization vulnerabilities.

This repository contains a working exploit for CVE-2019-6340, a Drupal RESTful Web Services authentication bypass leading to remote code execution via deserialization. The exploit leverages a crafted payload to execute arbitrary commands on the target system.

This repository contains a functional Perl exploit for CVE-2019-6340, targeting Drupal 8's REST module RCE vulnerability. The exploit leverages deserialization via crafted JSON payloads to achieve remote code execution.

This repository contains a functional Perl exploit for CVE-2019-6340, a deserialization vulnerability in Drupal 8's REST module. The exploit crafts a malicious payload to achieve remote code execution (RCE) by leveraging the insecure deserialization of user-supplied data.

This exploit leverages a deserialization vulnerability in Drupal 8.6.x (CVE-2019-6340) via the RESTful Web Services module to achieve remote code execution. It crafts a malicious payload using GuzzleHttp's FnStream and HandlerStack classes to execute arbitrary commands.

This is a functional exploit for CVE-2019-6340, targeting Drupal 8's RESTful API module. It leverages deserialization via Guzzle HTTP client gadgets to achieve unauthenticated remote code execution (RCE).

The repository contains only a README and a Drupal settings.php file, with no actual exploit code or proof-of-concept. It appears to be part of a vulnerable container management tool (Cved) but lacks functional exploit details.

This repository contains analysis artifacts and an example playbook for CVE-2019-6340, a Drupal RESTful RCE vulnerability. The playbook is a Phantom SOAR automation script for incident response, not an exploit.

This exploit leverages a deserialization vulnerability in Drupal 8.6.9's REST module by sending a crafted HAL+JSON request with a serialized payload to achieve remote code execution (RCE). The payload is generated using PHPGGC to exploit Guzzle's deserialization behavior.

This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services (CVE-2019-6340) by sending a crafted request to the /node REST endpoint. It supports multiple HTTP methods (GET, POST, PATCH, PUT) and includes checks for vulnerability and patch status.

This exploit leverages a deserialization vulnerability in Drupal's REST services to achieve unauthenticated remote code execution. It uses Guzzle gadgets to execute arbitrary commands on the target system.

This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services (CVE-2019-6340) by sending a crafted request to the /node REST endpoint. It supports multiple HTTP methods (GET, POST, PATCH, PUT) and leverages PHP object injection via GuzzleHttp to achieve remote code execution.