Reproduction of CVE-2019-6339 (Drupal remote code execution vulnerability)

The environment is built with vulhub + docker.

Drupal

Drupal is an open source content management framework (CMF) written in PHP. It consists of a content management system (CMS) and a PHP development framework, and as a multi-functional open source content management platform it can be used to build anything from personal websites to large community sites.

Site setup

Visit http://your-ip:8080/ and set up the environment. English must be selected as the language; the remaining steps can be left at their defaults.

Select SQLite as the database.

Installation completed.

Reproducing the vulnerability

Visit the avatar upload page and upload the POC picture provided by vulhub.
The default storage location for Drupal pictures is /sites/default/files/pictures/<YYYY-MM>/, and by default the file keeps its original name.

Go to http://your-ip:8080/admin/config/media/file-system and, in the Temporary directory field, enter the path of the previously uploaded picture through the phar:// stream wrapper, for example phar://./sites/default/files/pictures/<year-month>/<picture-name>. Saving the form triggers the vulnerability.

Access it to trigger the vulnerability.
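As an added defensive example (not part of the original post, not Drupal core code and not the vendor patch), the following PHP 8 snippet shows two checks a site operator could apply against the vector reproduced above: refusing any directory setting that carries a stream-wrapper scheme such as phar://, and refusing an uploaded "image" whose bytes also contain a phar stub. The function names, the sample paths (including the 2021-03/avatar.jpg path) and the byte strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added defensive example (not Drupal core code and not the vendor patch):
// two checks a site operator can apply against the vector reproduced above.
//   1. An administrator-supplied directory setting must be a plain filesystem
//      path; any "scheme://" prefix hands the string to a PHP stream wrapper,
//      and phar:// is the wrapper that unserializes archive metadata.
//   2. An uploaded "image" must not contain a phar stub: every phar archive
//      carries the token __HALT_COMPILER(); before its manifest, and a genuine
//      JPEG/PNG/GIF never does, so a polyglot can be refused at upload time.

/**
 * Returns true only for a plain path with no stream-wrapper scheme, no NUL
 * bytes and no parent-directory segments. Existence and writability of the
 * directory are left to the application, as in a normal settings form.
 */
function isPlainDirectoryPath(string $path): bool
{
    // RFC 3986 scheme syntax followed by "://" (phar://, php://, data://, ...)
    if (preg_match('#^[A-Za-z][A-Za-z0-9+.\-]*://#', $path) === 1) {
        return false;
    }
    if (strpos($path, "\0") !== false) {
        return false;
    }
    // Reject ".." as a whole segment, with either separator.
    foreach (preg_split('#[\\\\/]+#', $path) as $segment) {
        if ($segment === '..') {
            return false;
        }
    }
    return $path !== '';
}

/**
 * Returns true when the bytes contain a phar stub terminator, regardless of
 * the file extension or the image magic bytes that precede it.
 */
function containsPharStub(string $bytes): bool
{
    return stripos($bytes, '__HALT_COMPILER();') !== false;
}

/**
 * Validate an upload as an image: the magic bytes must match a known format
 * AND the payload must not double as a phar archive.
 */
function isAcceptableImageUpload(string $bytes): bool
{
    $isJpeg = str_starts_with($bytes, "\xFF\xD8\xFF");
    $isPng  = str_starts_with($bytes, "\x89PNG\r\n\x1A\n");
    $isGif  = str_starts_with($bytes, 'GIF8');
    return ($isJpeg || $isPng || $isGif) && !containsPharStub($bytes);
}

// --- Stand-alone demonstration with constructed inputs (no files touched). ---
$paths = [
    'sites/default/files/tmp',
    '/tmp',
    'phar://./sites/default/files/pictures/2021-03/avatar.jpg', // constructed; the vector above
    'php://filter/resource=index.php',
    'sites/default/../../etc',
];
foreach ($paths as $p) {
    printf("%-62s %s\n", $p, isPlainDirectoryPath($p) ? 'accepted' : 'REJECTED');
}

$jfif       = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01";               // constructed JPEG header
$cleanImage = $jfif . str_repeat("\x00", 32);                        // constructed image body
$polyglot   = $jfif . "<?php __HALT_COMPILER(); ?>\r\n\x00\x00\x00\x00"; // constructed phar-like tail
foreach (['clean image' => $cleanImage, 'jpeg/phar polyglot' => $polyglot] as $label => $bytes) {
    printf("%-20s %s\n", $label, isAcceptableImageUpload($bytes) ? 'accepted' : 'REJECTED');
}
```

The scheme check is deliberately broader than phar:// alone: any wrapper prefix in a path that the application later opens is a sign that user input is steering PHP's stream layer, so rejecting the whole class is cheaper than enumerating wrappers. The upload check complements it by catching the polyglot before it ever lands under files/pictures.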
Analysis of the root cause of the vulnerability:
Drupal 1-click to RCE analysis

Source: blog.csdn.net/qq_45742511/article/details/114979745