Ofer For You (1)

Thursday 22 January 2015

Critical SQL Injection vulnerability in Drupal 7.x -

By Kunal Vohra, Director@H2K



Security researchers from SektionEins have discovered a critical SQL Injection vulnerability in Drupal CMS that leaves a large number of websites that uses Drupal at risk.

Sponsored Links



Drupal introduced a database abstraction API in version 7.  The purpose of this API is to prevent SQL Injection attacks by sanitizing SQL Queries.

But, this API itself introduced a new and critical SQL Injection vulnerability.  The vulnerability enables attackers to run malicious SQL queries, PHP code on vulnerable websites.  A successful exploitation allows hackers to take complete control of the site.

This vulnerability can be exploited by a non-authenticated user and has been classified as "Highly Critical" one.

SektionEins didn't release the POC but released an advisory with technical details.

The vulnerability exists in the expandArguments function which is used for expanding arrays to handle SQL queries with "IN" Operator.

The vulnerability affects Drupal core 7.x versions prior.  Users of 7.x versions are advised to update their CMS immediately.

You can also directly modify the "includes/database.inc" file to patch this vulnerability; Change the "foreach ($data as $i => $value) {"  with "foreach (array_values($data) as $i => $value) {"  in 739 line.

No comments:

Post a Comment