Jump to content
Stef's Coding Community

Drupal Users need to update now.


Recommended Posts

Hackers Have Started Exploiting Drupal RCE Exploit Released Yesterday

https://thehackernews.com/2018/04/drupal-rce-exploit-code.html

Quote
Two weeks ago, Drupal security team discovered a highly critical remote code execution vulnerability, dubbed Drupalgeddon2, in its content management system software that could allow attackers to completely take over vulnerable websites.
To address this vulnerability the company immediately released updated versions of Drupal CMS without releasing any technical details of the vulnerability, giving more than a million sites enough time to patch the issue.

The Drupalgeddon2 vulnerability that affects all versions of Drupal from 6 to 8 allows an unauthenticated, remote attacker to execute malicious code on default or common Drupal installations.

If you have not updated Drupal recently, good idea to do in sooner than later.

Link to post
Share on other sites
  • LSW featured this topic

Here is another article on the hacker attacks now happening against Drupal.

Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners

https://thehackernews.com/2018/04/drupal-cryptocurrency-hacking.html

Quote
Drupalgeddon2, a highly critical remote code execution vulnerability discovered two weeks ago in Drupal content management system software, was recently patched by the company without releasing its technical details.

However, just a day after security researchers at Check Point and Dofinity published complete details, a Drupalgeddon2 proof-of-concept (PoC) exploit code was made widely available, and large-scale Internet scanning and exploitation attempts followed.
At the time, no incident of targets being hacked was reported, but over the weekend, several security firms noticed that attackers have now started exploiting the vulnerability to install cryptocurrency miner and other malware on vulnerable websites.

The SANS Internet Storm Center spotted some attacks to deliver a cryptocurrency miner, a PHP backdoor, and an IRC bot written in Perl.

 

Link to post
Share on other sites

Make this thread: "Drupal Users need to update.. again!"

Another Critical Flaw Found In Drupal Core-Patch Your Sites Immediately

https://thehackernews.com/2018/04/drupal-site-vulnerability.html

Quote
For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft.

Discovered by the Drupal security team, the open source content management framework is vulnerable to cross-site scripting (XSS) vulnerability that resides in a third-party plugin CKEditor which comes pre-integrated in Drupal core to help site administrators and users create interactive content.

CKEditor is a popular JavaScript-based WYSIWYG rich text editor which is being used by many websites, as well as comes pre-installed with some popular web projects.

According to a security advisory released by CKEditor, the XSS vulnerability stems from the improper validation of "img" tag in Enhanced Image plugin for CKEditor 4.5.11 and later versions.
This could allow an attacker to execute arbitrary HTML and JavaScript code in the victim's browser and gain access to sensitive information.

 

Link to post
Share on other sites

Third Critical Drupal Flaw Discovered - Patch Your Sites Immediately

https://thehackernews.com/2018/04/drupal-vulnerability-exploit.html

Quote
Damn! You have to update your Drupal websites.

Yes, of course once again—literally it’s the third time in last 30 days.

As notified in advance two days back, Drupal has now released new versions of its software to patch yet another critical remote code execution (RCE) vulnerability, affecting its Drupal 7 and 8 core.

Drupal is a popular open-source content management system software that powers millions of websites, and unfortunately, the CMS has been under active attacks since after the disclosure of a highly critical remote code execution vulnerability.
The new vulnerability was discovered while exploring the previously disclosed RCE vulnerability, dubbed Drupalgeddon2 (CVE-2018-7600) that was patched on March 28, forcing the Drupal team to release this follow-up patch update.

 

Link to post
Share on other sites

Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack

https://thehackernews.com/2018/04/drupalgeddon3-exploit-code.html

Quote
Only a few hours after the Drupal team releases latest updates to fix a new remote code execution flaw in its content management system software, hackers have already started exploiting the vulnerability in the wild.

Announced yesterday, the newly discovered vulnerability (CVE-2018-7602) affects Drupal 7 and 8 core and allows remote attackers to achieve exactly same what previously discovered Drupalgeddon2 (CVE-2018-7600) flaw allowed—complete take over of affected websites.

Although Drupal team has not released any technical details of the vulnerability to prevent immediate exploitation, two individual hackers have revealed some details, along with a proof-of-concept exploit just a few hours after the patch release.

If you have been actively reading every latest story on The Hacker News, you must be aware of how the release of Drupalgeddon2 PoC exploit derived much attention, which eventually allowed attackers actively hijack websites and spread cryptocurrency miners, backdoors, and other malware.

As expected, the Drupal team has warned that the new remote code execution flaw, let's refer it Drupalgeddon3, is now actively being exploited in the wild, again leaving millions of websites vulnerable to hackers.

 

Link to post
Share on other sites
  • LSW pinned this topic
  • 1 month later...

Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit

https://thehackernews.com/2018/06/drupalgeddon2-exploit.html

Quote

Security researcher Troy Mursch scanned the whole Internet and found over 115,000 Drupal websites are still vulnerable to the Drupalgeddon2 flaw despite repetitive warnings.

Drupalgeddon2 (CVE-2018-7600) is a highly critical remote code execution vulnerability discovered late March in Drupal CMS software (versions < 7.58 / 8.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1) that could allow attackers to completely take over vulnerable websites.

For those unaware, Drupalgeddon2 allows an unauthenticated, remote attacker to execute malicious code on default or standard Drupal installations under the privileges of the user.

 

Link to post
Share on other sites
  • 1 month later...

Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers - Patch Now

https://thehackernews.com/2018/08/symfony-drupal-hack.html

Quote

It's time to update your Drupal websites.

Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites.

The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation component, which is being used in Drupal Core and affects Drupal 8.x versions before 8.5.6.

Since Symfony—a web application framework with a set of PHP components—is being used by a lot of projects, the vulnerability could potentially put many web applications at risk of hacking.

Symfony Component Vulnerability

According to an advisory released by Symfony, the security bypass vulnerability originates due to Symfony's support for legacy and risky HTTP headers.

 

Link to post
Share on other sites
  • LSW unpinned this topic
  • 5 months later...

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

https://thehackernews.com/2019/04/drupal-security-update.html

Quote

 

Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites.
 
According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in third-party libraries that are included in Drupal 8.6, Drupal 8.5 or earlier and Drupal 7.
 
One of the security flaws is a cross-site scripting (XSS) vulnerability that resides in a third-party plugin, called JQuery, the most popular JavaScript library that is being used by millions of websites and also comes pre-integrated in Drupal Core.
 
Last week, JQuery released its latest version jQuery 3.4.0 to patch the reported vulnerability, which has not yet assigned a CVE number, that affects all prior versions of the library to that date.

 

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...