

Advisory 01/2014: Drupal – Pre Auth SQL Injection Vulnerability - martin_
https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html

======
cmcpgh
Anyone had any luck figuring out how to get a $i to have an arbitrary string?
About to look into the ajax code for a json string which, deserialized, lands
an extra array level in the $args. Deserialization seems to be the best guess
about what Stefan Horst has in his POC, and the way to make it this way: "if
the array has keys, which are no integers."

