Introduction

Drupal is the second most popular Content Management System (CMS) in the world. According to BuiltWith, more than 637,360 websites currently use Drupal.

On 28 March, the Drupal Security Team announced they identified and patched a critical Remote Code Execution vulnerability (CVE-2018-7600) affecting all Drupal releases to date. At the moment, Drupalgeddon2 exists in all versions prior to 7.58 and 8.5.1. As a matter of urgency, they recommended clients update their Drupal websites to the latest version immediately.

The Drupal Security Team stated that the risk of CVE-2018-7600 is scored 24/25 based on the NIST Common Misuse Scoring System, and it is considered highly critical for the following reasons:

- The vulnerability can be triggered by simply sending a POST request, therefore it is straightforward to detect and exploit.
- The attack can be leveraged by an unauthenticated user and it does not require any level of privilege.
- There is a high likelihood of attack since this vulnerability exists in default and common module configurations and it is easy to automate.

Soon after the announcement of the vulnerability, proof of concept code (POC) was made publicly available on GitHub by a Russian security researcher. Quickly after that, threat intelligence services started to notice exploitation attempts in the wild. Hackers used this vulnerability mainly to mine cryptocurrencies on visitors' computers, install ransomware, and steal private data such as PII or credentials of the users from affected servers.

The root cause of this vulnerability is related to the Drupal theme rendering system. To create all of its UI elements, Drupal uses the Form API, a powerful tool allowing developers to create forms and handle form submissions quickly and easily.