Tuesday 18 November 2014

Critical SQL Injection vulnerability in Drupal 7.x


Security researchers from SektionEins have found a critical SQL Injection vulnerability in the Drupal CMS that leaves a large number of websites running Drupal at risk.

Drupal introduced a database abstraction API in version 7. The aim of this API is to prevent SQL Injection attacks by sanitizing SQL queries.

But this API itself introduced a new and critical SQL Injection vulnerability. The vulnerability allows attackers to run malicious SQL queries and PHP code on vulnerable websites. Successful exploitation allows an attacker to take complete control of the site.

This vulnerability can be exploited by an unauthenticated user and has been classified as "Highly Critical".

SektionEins did not release a proof of concept but published an advisory with technical details.

The vulnerability exists in the expandArguments function, which is used to expand arrays into placeholders for SQL queries that use the "IN" operator.

The vulnerability affects Drupal core 7.x versions. Users of 7.x versions are advised to update their CMS immediately.

You can also patch this vulnerability directly by modifying the "includes database.inc" file: change the line "foreach ($data as $i => $value) {" at line 739.
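To show why that one foreach line matters, here is an added example (not the article's code and not Drupal's file verbatim) that models the placeholder expansion done by expandArguments in simplified form, first with the original loop and then with the fix Drupal shipped, which iterates over array_values($data) so the array keys never reach the SQL text. The query string, argument names and the sample key are constructed for illustration.

```php
<?php
// Simplified model of Drupal 7's expandArguments(): a query such as
//   "... WHERE name IN (:name)" with args [':name' => [...]]
// is rewritten to "... WHERE name IN (:name_0, :name_1)" plus scalar args.
function expandArgumentsVulnerable(&$query, array &$args) {
    $modified = false;
    foreach (array_filter($args, 'is_array') as $key => $data) {
        $new_keys = array();
        // BUG: $i is the caller-supplied array KEY. It is spliced into the
        // placeholder name and therefore into the SQL text, unescaped.
        foreach ($data as $i => $value) {
            $new_keys[$key . '_' . $i] = $value;
        }
        $query = preg_replace('#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query);
        unset($args[$key]);
        $args += $new_keys;
        $modified = true;
    }
    return $modified;
}

function expandArgumentsFixed(&$query, array &$args) {
    $modified = false;
    foreach (array_filter($args, 'is_array') as $key => $data) {
        $new_keys = array();
        // FIX: iterate over array_values($data) so $i is always a 0-based
        // integer index; whatever keys the caller sent are discarded.
        foreach (array_values($data) as $i => $value) {
            $new_keys[$key . '_' . $i] = $value;
        }
        $query = preg_replace('#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query);
        unset($args[$key]);
        $args += $new_keys;
        $modified = true;
    }
    return $modified;
}

// Constructed input: a non-numeric array key, as a request parameter could supply.
$sql  = 'SELECT name FROM users WHERE name IN (:name)';
$args = array(':name' => array('0 /* injected */' => 'alice'));

$q1 = $sql; $a1 = $args;
expandArgumentsVulnerable($q1, $a1);
echo $q1, "\n";   // placeholder now reads ":name_0 /* injected */": key text is in the SQL

$q2 = $sql; $a2 = $args;
expandArgumentsFixed($q2, $a2);
echo $q2, "\n";   // ":name_0": the supplied key is gone, only the bound value remains
```

Auditing a Drupal 7 install therefore comes down to confirming that this foreach reads `array_values($data)`; if it still reads `$data`, the site is unpatched.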

A Proof of Concept has been released online that allows anybody to change the password of the administrator account. So hurry up and update your Drupal CMS.

A reddit user, "fyukyuk", posted an HTTP POST request that exploits this vulnerability.

The following Python code changes the administrator password of a vulnerable Drupal site to "administrator" (tested with Drupal versions 7.21 and 7.31).









