
This is a Security testing module intended to help test fixes for Gadget Chains (aka POP Chains) in Drupal applications.

[blink tag] This should never be installed on production. [/blink tag]

Features

The module simply provides a route which will pass a payload to PHP's unserialize().

The payload can be passed as a GET or a POST parameter named `payload`.

By default, access to the route requires authentication as a user with the "administer site configuration" permission, so it would typically be necessary to include a valid session cookie with the request.

It's possible to bypass this restriction with the following in settings.php:

$settings['gadget_chain_poc_free_access'] = TRUE;

Use this override at your own risk, and with extreme caution.

Additional options

The following optional parameters can be passed along with the payload (the value is ignored).

  • base64 - the payload will go through `base64_decode()` before being passed to `unserialize()`.
  • tostring - the unserialized object will be cast to a string, invoking the relevant `__toString()` magic method.
  • output - display the result of the call to `unserialize()`; it will be pretty-printed as HTML by default, but can also be output as JSON if the GET parameter `_format=json` is sent in the request.
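The following Python helper is an added example and is not part of the module or of Drupal; it shows what a tester actually sends to the route described above. It serializes a PHP object in PHP's native `serialize()` format (including the NUL-byte mangling PHP applies to protected and private property names, which is the practical reason the `base64` option exists: raw NUL bytes are awkward to pass in a URL or shell), base64-encodes it, and assembles a POST carrying the `payload`, `base64`, `tostring` and `output` parameters plus `_format=json` and the session cookie the route requires. The route URL, the cookie value and the class `Acme\TestGadget` are placeholders: the page does not state the route's path, and the class is a hypothetical stand-in for whichever gadget class you are testing a fix for.

```python
"""Craft PHP unserialize() payloads for the gadget_chain_poc route.

Added example, not part of the module.  The route URL and the gadget
class used below are placeholders, not anything the module defines.
"""
import base64
from dataclasses import dataclass, field
from typing import Any
from urllib.parse import urlencode
from urllib.request import Request


@dataclass
class PhpObject:
    """A PHP object to serialize: class name plus name -> (visibility, value)."""
    cls: str
    props: dict = field(default_factory=dict)


def mangle(name: str, visibility: str, cls: str) -> str:
    """PHP marks visibility inside the serialized property name with NUL bytes."""
    if visibility == "protected":
        return f"\0*\0{name}"
    if visibility == "private":
        return f"\0{cls}\0{name}"
    return name


def php_serialize(value: Any) -> str:
    """Minimal PHP serialize() covering the types gadget payloads need."""
    if value is None:
        return "N;"
    if isinstance(value, bool):
        return f"b:{int(value)};"
    if isinstance(value, int):
        return f"i:{value};"
    if isinstance(value, float):
        return f"d:{value};"
    if isinstance(value, str):
        return f's:{len(value.encode())}:"{value}";'  # byte length, not char count
    if isinstance(value, (list, tuple)):
        body = "".join(php_serialize(i) + php_serialize(v) for i, v in enumerate(value))
        return f"a:{len(value)}:{{{body}}}"
    if isinstance(value, dict):
        body = "".join(php_serialize(k) + php_serialize(v) for k, v in value.items())
        return f"a:{len(value)}:{{{body}}}"
    if isinstance(value, PhpObject):
        body = "".join(
            php_serialize(mangle(n, vis, value.cls)) + php_serialize(v)
            for n, (vis, v) in value.props.items()
        )
        return f'O:{len(value.cls)}:"{value.cls}":{len(value.props)}:{{{body}}}'
    raise TypeError(f"cannot serialize {type(value).__name__}")


def build_params(payload: Any, *, use_base64: bool = True,
                 tostring: bool = False, output: bool = True) -> dict:
    """Form fields for the route.  The module ignores the flags' values and
    only checks their presence, so they are set to "1"."""
    serialized = php_serialize(payload).encode("utf-8")
    params: dict = {}
    if use_base64:
        # NUL bytes from protected/private names are awkward to pass raw;
        # the base64 flag makes the route base64_decode() the payload first.
        params["payload"] = base64.b64encode(serialized).decode("ascii")
        params["base64"] = "1"
    else:
        params["payload"] = serialized  # urlencode percent-encodes raw bytes
    if tostring:
        params["tostring"] = "1"
    if output:
        params["output"] = "1"
    return params


def build_request(route_url: str, payload: Any, session_cookie: str, *,
                  as_json: bool = False, **flags) -> Request:
    """POST the payload to route_url (a placeholder; the module's path is not
    given here) with the authenticated session cookie the route requires."""
    url = route_url + ("?_format=json" if as_json else "")
    body = urlencode(build_params(payload, **flags)).encode("ascii")
    return Request(url, data=body, method="POST", headers={
        "Cookie": session_cookie,
        "Content-Type": "application/x-www-form-urlencoded",
    })


if __name__ == "__main__":
    # Hypothetical gadget class standing in for the one whose fix is under test.
    gadget = PhpObject("Acme\\TestGadget", {
        "name": ("protected", "example"),
        "args": ("private", []),
    })
    req = build_request("https://drupal.test/gadget-chain-poc", gadget,
                        "SESSxxxx=yyyy", as_json=True, tostring=True)
    print(req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would send it; the response is the
    # unserialized (and, with tostring, stringified) result.
```

Sending the request is left to `urlopen(req)`; when a fix is in place the interesting signal is usually that the unserialized object's `__wakeup()`, `__destruct()` or `__toString()` no longer performs the dangerous action, so compare the `output` result (and any side effects) before and after the patch rather than relying on the HTTP status alone.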


Releases

Version    Type  Release date
1.0.x-dev  Dev   Jan 23, 2025