On March 28, 2018, a patch for a highly critical vulnerability, which facilitates remote code execution against the Drupal content management system was released. The vulnerability was identified by Jasper Mattson of Druid and is covered by SA-2018-002 and CVE-2018-7600. Prior to the release of the patch, Drupal had given advanced notice of its impending release and potential consequences tied to the ease of the vulnerability’s exploitation. This sparked concerns of a new “Drupalgeddon”, where a large number of unpatched websites would be compromised. This comes on the heels of a major Drupal vulnerability from October 2014 that was widely exploited by advanced persistent threat (APT) actors and criminals that Volexity detailed in a previous blog post title Drupal Vulnerability: Mass Scans & Targeted Exploitation. In a post dated April 13, 2018, the Drupal team stated the following: The security team is now aware of automated attacks attempting to compromise Drupal […]
Drupal
-
Drupalgeddon 2: Profiting from Mass Exploitation
April 16, 2018
by Matthew Meltzer, Steven Adair
-
Drupal Vulnerability: Mass Scans & Targeted Exploitation
October 16, 2014
by Volexity
Yesterday (October 15, 2014), a critical SQL injection vulnerability in version 7 of the popular open source content management system (CMS) Drupal was disclosed by Stefan Horst and detailed in SA-CORE-2014-005. The description of the vulnerability is rather harrowing: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users. If you think this sounds pretty bad, you are spot on. Along with the advisory, a patch was released to fix the security issue. Unfortunately, patches are also often leveraged to identify exactly how to exploit such vulnerabilities. In this case, it was only […]