Python implementation of the remote code execution exploit for CVE-2019-6340, based on analysis of the Metasploit module and the prior work by leonjza.
Key difference from EDB-46459: uses POST instead of GET, bypassing Drupal's page cache — can be executed multiple times against the same target without waiting for cache expiration.
pip install requests
python3 exploit.py <target> -c <command> [options]
This tool is provided for educational purposes and authorized security assessments only (penetration tests, CTFs, lab environments). Running this exploit against systems without explicit written permission is illegal. The author assumes no liability for any misuse.