ambionics / phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
https://ambionics.io/blog
Apache License 2.0
3.25k stars 502 forks

Add Drupal9/RCE1 #141

Closed rioru closed 1 year ago

rioru commented 1 year ago

Hello,

Here's a gadget chain for Drupal 9; it should work from something like Drupal 8.9.6 up to the latest Drupal 9 version (at the time of this pull request, it is 9.4.9).

The call stack is the following:

  1. \GuzzleHttp\Cookie\FileCookieJar->__destruct()
  2. \Laminas\Diactoros\RelativeStream->__toString()
  3. \GuzzleHttp\Psr7\PumpStream->getContents()
  4. \Drupal\Core\Config\CachedStorage->read()
  5. \Drupal\Component\DependencyInjection\Container->get()
  6. \Drupal\Component\DependencyInjection\Container->createService()
  7. call_user_func_array()

🚀
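
For the detection side of the call stack above, an added example (not part of this pull request or of PHPGGC): a Python check that flags request values asking PHP to instantiate any class from this chain, including URL-encoded and base64-wrapped values. The function names and the sample value are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote_to_bytes

# Classes from the call stack above; PHP serializes names without the leading "\".
CHAIN_CLASSES = {
    r"GuzzleHttp\Cookie\FileCookieJar",
    r"Laminas\Diactoros\RelativeStream",
    r"GuzzleHttp\Psr7\PumpStream",
    r"Drupal\Core\Config\CachedStorage",
    r"Drupal\Component\DependencyInjection\Container",
}

# Object tokens: O:<len>:"<class>":<props>:{ and C:<len>:"<class>":<bytes>:{
OBJECT_TOKEN = re.compile(rb'[OC]:(\d+):"([A-Za-z0-9_\\]+)":\d+:\{')


def decodings(raw: bytes):
    """Yield the value as received, URL-decoded, and base64-decoded."""
    yield raw
    unquoted = unquote_to_bytes(raw)
    yield unquoted
    try:
        yield base64.b64decode(unquoted, validate=True)
    except (binascii.Error, ValueError):
        pass  # not base64; nothing more to inspect


def serialized_classes(raw: bytes) -> set:
    """Class names in object tokens whose declared length matches the name."""
    found = set()
    for view in decodings(raw):
        for length, name in OBJECT_TOKEN.findall(view):
            if int(length) == len(name):
                found.add(name.decode("ascii"))
    return found


def chain_hits(raw: bytes) -> set:
    """Classes of the chain listed above that this input asks PHP to instantiate."""
    return serialized_classes(raw) & CHAIN_CLASSES


if __name__ == "__main__":
    # Constructed sample: an empty object skeleton, base64-wrapped like a cookie.
    sample = base64.b64encode(rb'O:31:"GuzzleHttp\Cookie\FileCookieJar":0:{}')
    print(chain_hits(sample))
    print(chain_hits(b'a:1:{s:4:"name";s:5:"alice";}'))
```

Matching class names only detects the attempt; the fix on the PHP side is to stop passing untrusted input to `unserialize()`, or to restrict it with the `allowed_classes` option.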

cfreal commented 1 year ago

Excellent PR, thanks.