This exploit leverages a deserialization vulnerability in the Drupal Coder module (SA-CONTRIB-2016-039) to achieve remote code execution. It crafts a malicious serialized payload that injects a command into the 'old_dir' parameter, which is then executed via a data URI request to the vulnerable endpoint.
Classification
Working Poc 95%
Target:
Drupal Coder module (versions prior to the fix for SA-CONTRIB-2016-039)
No auth needed
Prerequisites:
Target must have the vulnerable Coder module installed and accessible · PHP's allow_url_fopen must be enabled · Attacker must be able to send HTTP requests to the target