Tuesday, 18 November 2014

Critical SQL Injection vulnerability in Drupal 7.x


Security researchers from SektionEins have found a critical SQL Injection vulnerability in Drupal CMS that leaves a large number of websites that use Drupal at risk.

Drupal introduced a database abstraction API in version 7. The purpose of this API is to prevent SQL Injection attacks by sanitizing SQL queries.

However, this API itself introduced a new and critical SQL Injection vulnerability. The vulnerability allows attackers to run malicious SQL queries and PHP code on vulnerable websites. Successful exploitation allows attackers to take complete control of the site.

This vulnerability can be exploited by a non-authenticated user and has been classified as "Highly Critical".

SektionEins did not release the PoC but released an advisory with technical details.

The vulnerability exists in the expandArguments function, which is used for expanding arrays to handle SQL queries with the "IN" operator.

The vulnerability affects Drupal core 7.x versions previous.  Users of 7.x versions are advised to update their CMS immediately.

You can also directly modify the "includes database.inc" file to patch this vulnerability; change the "foreach ($data as $i => $value) {" on line 739.
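Why the keys of the array matter in an IN-list expansion and in the foreach quoted above, shown as an added example that is not Drupal's source or SektionEins' code. It is a simplified model: the function names, the sample query and the input are assumptions, and the hardened variant re-indexes the array with array_values() so caller-supplied keys never reach the query text.

```php
<?php
// Simplified model of IN-list placeholder expansion. NOT Drupal's source code;
// expand(), placeholders_are_clean() and the sample query are hypothetical.

function expand(string $query, array $args, bool $reindex): array {
    foreach ($args as $name => $data) {
        if (!is_array($data)) {
            continue; // scalar arguments need no expansion
        }
        // Hardened form: discard caller-supplied keys, keep only 0, 1, 2, ...
        $items = $reindex ? array_values($data) : $data;
        $new = [];
        foreach ($items as $i => $value) {
            // The key $i becomes part of the placeholder name, i.e. of the SQL text.
            $new[$name . '_' . $i] = $value;
        }
        $query = str_replace($name, implode(', ', array_keys($new)), $query);
        unset($args[$name]);
        $args += $new;
    }
    return [$query, $args];
}

// Defensive check: every placeholder written into the query must be a plain identifier.
function placeholders_are_clean(array $args): bool {
    foreach (array_keys($args) as $name) {
        if (!preg_match('/^:[A-Za-z0-9_]+$/', (string) $name)) {
            return false;
        }
    }
    return true;
}

$query = 'SELECT uid FROM users WHERE name IN (:names)';
// Constructed input: an array whose keys were chosen by the caller instead of 0, 1, 2.
$input = [':names' => ['first key' => 'alice', 'second key' => 'bob']];

[$unsafeQuery, $unsafeArgs] = expand($query, $input, false);
[$safeQuery, $safeArgs] = expand($query, $input, true);

// Keys copied verbatim: caller-controlled text is now inside the SQL string.
var_dump($unsafeQuery, placeholders_are_clean($unsafeArgs));
// Keys re-indexed: only generated numeric suffixes appear in the SQL string.
var_dump($safeQuery, placeholders_are_clean($safeArgs));
```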

A Proof of Concept has been released online that allows anyone to change the password of the administrator account. So, better hurry up! Update your Drupal CMS.

One of the Reddit users, "fyukyuk", posted an HTTP POST request that exploits this vulnerability.

The following Python code changes the administrator password of a vulnerable Drupal site to "administrator" (tested with Drupal versions 7.21 and 7.31).