Samuel Mortenson: Hijacking Drupal admin accounts using REST

Note: This exploit was fixed over a year ago as a part of SA-CORE-2017-002/CVE-2017-6919, so unless your Drupal 8 site is really, really out of date, you should not be affected. When I do security research on Drupal core, I tend to focus on one class of vulnerability and pursue that until I find something.
PubDate

Tags