Reports about Drupal 7 vulnerabilities might become public creating 0 day exploits. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. This opens a question on how secure is Drupal and whos responsible for something like this? Apparently this bug was known for more than a year ( ), but nobody didn't react on . The Drupal Security Team will no longer provide support or Security Advisories for Drupal 7 core or contributed modules, themes, or other projects. Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could be used to escalate the attack.
Hopefully this blog will get you sense on how vulnerable this bug is and how urgent its for you to update your Drupal 7 sites. The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to. Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration.
#Drupal 7 exploit how to
Intentionally I didn't put the code in here, but obviously anyone with little bit of Drupal knowledge will know how to overcome this and construct the query which will give you full access! NOTE: This still won't allow you to login since Drupal uses SHA512 with salt so its not possible to actually login. I managed to execute SQL injection into Drupal 7 using anonymous user in a less than 30mins of trying! Looking at the actual patch which is simply: $value) SET pass= 'test123' -, :name_1 AND status = 1Īnd I just hacked myself! All my users now have 'test123' as a password in the database! Drupal is a free and open-source web content management system (CMS) written in PHP and distributed under the GNU General Public License. Yesterday Drupal security team announced highly critical bug at.
0 kommentar(er)
