• Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap
The Hack Post
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health
No Result
View All Result
The Hack Post
No Result
View All Result

Drupal RCE Exploit Has Been Released for the “Drupalgeddon2” Vulnerability

Zaid Rasheed by Zaid Rasheed
April 19, 2018
An image of the Drupal that is vulnerable to an RCE Exploit.

An image of the Drupal that is vulnerable to an RCE Exploit.

Share on FacebookShare on Twitter

In just a short span of time, after the working Drupal RCE Exploit is released to the general public, the hackers have begun exploiting the recently revealed vital vulnerability in Drupal. From the past couple of weeks, Drupal’s security crew had noticed extremely critical remote code execution vulnerability, a dubbed “Drupalgeddon2” in the content management system software. This could enable the cyber attackers to take over the vulnerable websites in the virtual space notoriously.

For this vulnerability to be addressed immediately, Drupal had released the updated version of the Drupal CMS without the need to launch any technical particulars, which give more than 1,000,000 websites the opportunity to have enough time to patch the difficulty.

Days earlier, Check Point and Dofinity’s security researchers had published the complete technical details regarding the vulnerability (CVE-2018-7600). With its help, a Russian safety researcher launched a Drupal RCE Exploit or proof-of-concept exploit code for the Drupalgeeddon2 vulnerability on the GitHub website.

A screenshot of the Drupal RCE Exploit Code.
A screenshot of the Drupal RCE Exploit Code.

Hackers had taken advantage from the RCE Exploit of the Drupalgeeddon2, which impacts to complete versions of Drupal (from 6 to 8) to execute malicious codes on common or default Drupal installations.

The vulnerability had taken place due to the inadequate sanitation of the inputs passed through the request in Form API (FAPI) AJAX, according to the confession made by Check Point.

“In return, this had completely allowed the attackers to inject malicious payloads into the structure in internal form, “ said the Check Point’s researcher. “This will cause Drupal to act without the user’s authentication. By exploiting the vulnerability, the attackers were given a chance to carry out efforts to fully take over the websites of any customer under Drupal.”

However, after the Drupal RCE Exploit is launched, which many of the users had confirmed it to works, the researchers from the Imperva, Sucuri and SANS Internet Storm Center had begun seeing the attempts to exploit the Drupalgeddon2. They said this though none of them have yet seen and heard any reports that the cyber attackers are hacking some websites.

The website administrators that are still using and running the vulnerable Drupal RCE Exploit should cover the vulnerability by immediately updating the CMS to a Drupal 7.58 or even higher to Drupal 8.5.1, so they can avoid the possible exploits.

This vulnerability also affects the version Drupal 6 that is no longer having support from the company since 2016. However, a patch for this version had still been created.

Tags: Drupal RCE ExploitDrupalgeddon2
Zaid Rasheed

Zaid Rasheed

A senior technical writer and content creator at The Hack Post. Cyber Security Expert for longer than I can remember and an adamant lover of Social Media. Writing is a passion of mine and The Hack Post lets me express that.

Next Post
An image of Red Bull logo with a Hacked text.

Red Bull Website Hacked by Prosox

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Articles

The Benefits Of A Chair Massage
Science / Health

The Benefits Of A Chair Massage

December 7, 2020
How Do I Know If I Need A Proxy?
Technology

How Do I Know If I Need A Proxy?

December 5, 2020
How Do I Know When My Business Needs A Proxy?
Technology

How Do I Know When My Business Needs A Proxy?

December 3, 2020
5 Tricks For Git You May Not Use Yet
Technology

5 Tricks For Git You May Not Use Yet

December 2, 2020
6 Ways to give a new look to your Car
Business

6 Ways to give a new look to your Car

December 2, 2020
A Guide to Start Your Career in the Field of Cybersecurity
Cyber Security

A Guide to Start Your Career in the Field of Cybersecurity

December 1, 2020
MOVEMENT OF PLANETS ROTATION AND REVOLUTION 01
Science / Health

Movement of Planets: Rotation And Revolution

December 1, 2020
Smart Homes Make for Smart Investments When Properly Secured
Technology

Smart Homes Make for Smart Investments When Properly Secured

December 1, 2020
8 cybersecurity trends to watch out for in 2021
Technology

8 cybersecurity trends to watch out for in 2021

December 1, 2020
Can Learn From Hackers
Hacking News

What A Beginning Programmer

December 1, 2020
Tips for working with a game art outsourcing studio
Technology

Tips for Working With a Game Art Outsourcing Studio

November 30, 2020
Beginners Guide On Replacing The Garage Doors In Brisbane
Business

Beginners Guide On Replacing The Garage Doors In Brisbane

November 30, 2020
  • Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap

The Hack Post © 2019

No Result
View All Result
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health

The Hack Post © 2019