Feature Request: Support for Session-Cookie Form and POST-based Authentication

dreadlocked / Drupalgeddon2

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

579 stars 173 forks source link

Closed iammyr closed 6 years ago

iammyr commented 6 years ago

Support for exploting a website protected by authentication

via web form
submitted via POST request
eventually requiring form ID and/or other constant values appended to the credentials
returning a session cookie to use in all subsequent requests

iammyr commented 6 years ago

(would it be possible to mark this issue with the label "hacktoberfest", please? Thanks a million!)

g0tmi1k commented 6 years ago

merged