Hackers have started exploiting a recently disclosed critical vulnerability in Drupal shortly after the public release of working exploit code on GitHub.
Two weeks ago, the Drupal security team discovered a highly critical remote code execution vulnerability, dubbed Drupalgeddon2, in its content management system software that could allow attackers to completely take over vulnerable websites.
To address the vulnerability, Drupal immediately released a patch to its users without revealing any other information related to the exploit!
Complete technical details about this vulnerability (CVE-2018-7600) were provided by Check Point and Dofinity. Later, PoC exploit code for Drupalgeddon2 was released on GitHub (links not included, pals)!
So why is this vulnerability so scary?
Drupalgeddon2 affects all versions of Drupal from 6 to 8 and allows an unauthenticated, remote attacker to execute malicious code on default or common Drupal installations.
According to Check Point's disclosure, the vulnerability exists due to insufficient sanitization of inputs passed via Form API (FAPI) AJAX requests.
However, shortly after the public release of the PoC exploit, which many confirmed to be functional, researchers at Sucuri, Imperva, and the SANS Internet Storm Center started seeing attempts to exploit Drupalgeddon2, though none have yet seen any reports of websites being hacked.
Every site administrator running any of the affected versions should immediately update their Drupal version.
PS: Even though Drupal dropped support for version 6 in February 2016, they still created a patch for it. Good job, Drupal team :) !
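To make the "insufficient sanitization of Form API inputs" point concrete, here is an added example (not code from Drupal, Check Point or the original article). It assumes the Drupal convention that Form API properties are array keys starting with `#`, and flags or strips request parameters carrying such keys; the function names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Splits a PHP-style parameter name such as "a[b][c]" into ["a", "b", "c"].
_SEGMENT = re.compile(r"\[([^\]]*)\]")


def key_path(name):
    """Return the nested array keys PHP would derive from a parameter name."""
    head, bracket, rest = name.partition("[")
    if not bracket:
        return [name]
    return [head] + _SEGMENT.findall("[" + rest)


def suspicious_params(query_or_body):
    """List parameter names whose key path contains a '#'-prefixed key."""
    hits = []
    # parse_qsl URL-decodes names, so an encoded %23 is caught as well.
    for name, _value in parse_qsl(query_or_body, keep_blank_values=True):
        if any(seg.startswith("#") for seg in key_path(name)):
            hits.append(name)
    return hits


def strip_property_keys(data):
    """Recursively drop keys starting with '#' from parsed user input."""
    if isinstance(data, dict):
        return {k: strip_property_keys(v) for k, v in data.items()
                if not str(k).startswith("#")}
    if isinstance(data, list):
        return [strip_property_keys(v) for v in data]
    return data


# Constructed sample inputs (not taken from any real request).
SAMPLES = [
    "name=alice&mail[value]=a%40example.org",  # ordinary form fields
    "profile[%23example]=x&name=bob",          # '#' key hidden by encoding
    "tags[]=news&tags[]=%23drupal",            # '#' only in a value: harmless
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", suspicious_params(sample))
```

Only keys are checked: a `#` inside a submitted value is ordinary data, while a `#` at the start of a key is what lets user input pose as a form property.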
Source: https://thehackernews.com/2018/04/drupal-rce-exploit-code.html
Copying/Pasting full or partial texts without adding anything original is frowned upon by the community.
Some tips to share content and add value:
Repeated copy/paste posts could be considered spam. Spam is discouraged by the community, and may result in action from the cheetah bot.
Creative Commons: If you are posting content under a Creative Commons license, please attribute and link according to the specific license. If you are posting content under CC0 or Public Domain please consider noting that at the end of your post.
If you are actually the original author, please do reply to let us know!
Thank You!
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://thehackernews.com/2018/04/drupal-rce-exploit-code.html