• Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap
The Hack Post
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health
No Result
View All Result
The Hack Post
No Result
View All Result

Drupal RCE Exploit Has Been Released for the “Drupalgeddon2” Vulnerability

Zaid Rasheed by Zaid Rasheed
April 19, 2018
An image of the Drupal that is vulnerable to an RCE Exploit.

An image of the Drupal that is vulnerable to an RCE Exploit.

Share on FacebookShare on Twitter

In just a short span of time, after the working Drupal RCE Exploit is released to the general public, the hackers have begun exploiting the recently revealed vital vulnerability in Drupal. From the past couple of weeks, Drupal’s security crew had noticed extremely critical remote code execution vulnerability, a dubbed “Drupalgeddon2” in the content management system software. This could enable the cyber attackers to take over the vulnerable websites in the virtual space notoriously.

For this vulnerability to be addressed immediately, Drupal had released the updated version of the Drupal CMS without the need to launch any technical particulars, which give more than 1,000,000 websites the opportunity to have enough time to patch the difficulty.

Days earlier, Check Point and Dofinity’s security researchers had published the complete technical details regarding the vulnerability (CVE-2018-7600). With its help, a Russian safety researcher launched a Drupal RCE Exploit or proof-of-concept exploit code for the Drupalgeeddon2 vulnerability on the GitHub website.

A screenshot of the Drupal RCE Exploit Code.
A screenshot of the Drupal RCE Exploit Code.

Hackers had taken advantage from the RCE Exploit of the Drupalgeeddon2, which impacts to complete versions of Drupal (from 6 to 8) to execute malicious codes on common or default Drupal installations.

The vulnerability had taken place due to the inadequate sanitation of the inputs passed through the request in Form API (FAPI) AJAX, according to the confession made by Check Point.

“In return, this had completely allowed the attackers to inject malicious payloads into the structure in internal form, “ said the Check Point’s researcher. “This will cause Drupal to act without the user’s authentication. By exploiting the vulnerability, the attackers were given a chance to carry out efforts to fully take over the websites of any customer under Drupal.”

However, after the Drupal RCE Exploit is launched, which many of the users had confirmed it to works, the researchers from the Imperva, Sucuri and SANS Internet Storm Center had begun seeing the attempts to exploit the Drupalgeddon2. They said this though none of them have yet seen and heard any reports that the cyber attackers are hacking some websites.

The website administrators that are still using and running the vulnerable Drupal RCE Exploit should cover the vulnerability by immediately updating the CMS to a Drupal 7.58 or even higher to Drupal 8.5.1, so they can avoid the possible exploits.

This vulnerability also affects the version Drupal 6 that is no longer having support from the company since 2016. However, a patch for this version had still been created.

Tags: Drupal RCE ExploitDrupalgeddon2
Zaid Rasheed

Zaid Rasheed

A senior technical writer and content creator at The Hack Post. Cyber Security Expert for longer than I can remember and an adamant lover of Social Media. Writing is a passion of mine and The Hack Post lets me express that.

Next Post
An image of Red Bull logo with a Hacked text.

Red Bull Website Hacked by Prosox

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Articles

Deciding Factors
Technology

Taking You Through the Deciding Factors That Determine A Feature Getting Introduced In a Product Development Lifecycle with Sonia Randhawa

October 16, 2020
5 WAYS TO BUILD TRUST BETWEEN YOUR BUSINESS AND CUSTOMERS
Technology

5 Ways to build trust between your business and customers

October 16, 2020
Does Cyber Security Require Programming
Technology

Does Cyber Security Require Programming?

October 16, 2020
Should You Create a Game Intro for Your YouTube Gaming Channel?
Entertainment

Should You Create a Game Intro for Your YouTube Gaming Channel?

October 16, 2020
GetInsta: Best App to Get Free Instagram Followers [100% Genuine]
Technology

GetInsta: Best App to Get Free Instagram Followers [100% Genuine]

October 16, 2020
Role of Blockchain Technology in Software Development Transformation
Technology

Role of Blockchain Technology in Software Development Transformation

October 16, 2020
What is Direct Mail and why is it important
Technology

What is Direct Mail and Why is it Important

October 15, 2020
The Importance of a Good Server For an eCommerce Store
Technology

The Importance of a Good Server For an eCommerce Store

October 14, 2020
All About Dynamic CVV and CVV Shops
Technology

All About Dynamic CVV and CVV Shops

October 14, 2020
Micro-management: signs and ways to overcome
Technology

Micro-management: signs and ways to overcome

October 13, 2020
A Simple Guide to Local Search Engine Marketing
Technology

A Simple Guide to Local Search Engine Marketing

October 13, 2020
Top 5 Laptops Optimized for iGaming Efficiency
Entertainment

Top 5 Laptops Optimized for iGaming Efficiency

October 13, 2020
  • Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap

The Hack Post © 2019

No Result
View All Result
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health

The Hack Post © 2019