• Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap
The Hack Post
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health
No Result
View All Result
The Hack Post
No Result
View All Result

Drupal RCE Exploit Has Been Released for the “Drupalgeddon2” Vulnerability

Zaid Rasheed by Zaid Rasheed
April 19, 2018
An image of the Drupal that is vulnerable to an RCE Exploit.

An image of the Drupal that is vulnerable to an RCE Exploit.

Share on FacebookShare on Twitter

In just a short span of time, after the working Drupal RCE Exploit is released to the general public, the hackers have begun exploiting the recently revealed vital vulnerability in Drupal. From the past couple of weeks, Drupal’s security crew had noticed extremely critical remote code execution vulnerability, a dubbed “Drupalgeddon2” in the content management system software. This could enable the cyber attackers to take over the vulnerable websites in the virtual space notoriously.

For this vulnerability to be addressed immediately, Drupal had released the updated version of the Drupal CMS without the need to launch any technical particulars, which give more than 1,000,000 websites the opportunity to have enough time to patch the difficulty.

Days earlier, Check Point and Dofinity’s security researchers had published the complete technical details regarding the vulnerability (CVE-2018-7600). With its help, a Russian safety researcher launched a Drupal RCE Exploit or proof-of-concept exploit code for the Drupalgeeddon2 vulnerability on the GitHub website.

A screenshot of the Drupal RCE Exploit Code.
A screenshot of the Drupal RCE Exploit Code.

Hackers had taken advantage from the RCE Exploit of the Drupalgeeddon2, which impacts to complete versions of Drupal (from 6 to 8) to execute malicious codes on common or default Drupal installations.

The vulnerability had taken place due to the inadequate sanitation of the inputs passed through the request in Form API (FAPI) AJAX, according to the confession made by Check Point.

“In return, this had completely allowed the attackers to inject malicious payloads into the structure in internal form, “ said the Check Point’s researcher. “This will cause Drupal to act without the user’s authentication. By exploiting the vulnerability, the attackers were given a chance to carry out efforts to fully take over the websites of any customer under Drupal.”

However, after the Drupal RCE Exploit is launched, which many of the users had confirmed it to works, the researchers from the Imperva, Sucuri and SANS Internet Storm Center had begun seeing the attempts to exploit the Drupalgeddon2. They said this though none of them have yet seen and heard any reports that the cyber attackers are hacking some websites.

The website administrators that are still using and running the vulnerable Drupal RCE Exploit should cover the vulnerability by immediately updating the CMS to a Drupal 7.58 or even higher to Drupal 8.5.1, so they can avoid the possible exploits.

This vulnerability also affects the version Drupal 6 that is no longer having support from the company since 2016. However, a patch for this version had still been created.

Tags: Drupal RCE ExploitDrupalgeddon2
Zaid Rasheed

Zaid Rasheed

A senior technical writer and content creator at The Hack Post. Cyber Security Expert for longer than I can remember and an adamant lover of Social Media. Writing is a passion of mine and The Hack Post lets me express that.

Next Post
An image of Red Bull logo with a Hacked text.

Red Bull Website Hacked by Prosox

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Articles

Best Secrets of Professional SEO Writing
Technology

Best Secrets of Professional SEO Writing

December 3, 2019
The Creeping Problems of 5G Security
Technology

The Creeping Problems of 5G Security

December 3, 2019
Few new security related techniques that may gain importance
Technology

Few new security related techniques that may gain importance

December 3, 2019
Few latest gaming gadgets that may be in demand in 2020
Gaming

Few latest gaming gadgets that may be in demand in 2020

December 3, 2019
The Ultimate Guide for Online Security and Privacy in 2020
Technology

The Ultimate Guide for Online Security and Privacy in 2020

December 2, 2019
How Technology is Improving Influencer Marketing with Riley Beek Leading the Line of Popular Influencers
Technology

How Technology is Improving Influencer Marketing with Riley Beek Leading the Line of Popular Influencers

November 30, 2019
Five Tips To Prevent Enterprise Data Breaches
Technology

Five Tips To Prevent Enterprise Data Breaches

November 28, 2019
5 Tips for Ensuring Security for Offshore Web Hosts
Technology

5 Tips for Ensuring Security for Offshore Web Hosts

November 28, 2019
10 Things You Should Know Before Starting a Business Online
Technology

10 Things You Should Know Before Starting a Business Online

November 28, 2019
5 Ways to Boost Your Brand with Organic SEO Services
Technology

5 Ways to Boost Your Brand with Organic SEO Services

November 25, 2019
Why Troubleshoot Remotely, When You Can Do It In Person?
Technology

Why Troubleshoot Remotely, When You Can Do It In Person?

November 23, 2019
3 Innovative Solutions to Protect Your Tech Against Vulnerabilities
Technology

3 Innovative Solutions to Protect Your Tech Against Vulnerabilities

November 23, 2019
  • Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap

The Hack Post © 2019

No Result
View All Result
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health

The Hack Post © 2019