Showing posts from January, 2015

SQL Injection vulnerability in Drupal 7.x

Security researchers from SektionEins have discovered a critical SQL injection vulnerability in the Drupal CMS that leaves a large number of websites that use Drupal at risk. Drupal introduced a database abstraction API in version 7. The purpose of this API is to prevent SQL injection attacks by sanitizing SQL queries. But this API itself introduced a new and critical SQL injection vulnerability. The vulnerability enables attackers to run malicious SQL queries and PHP code on vulnerable websites. Successful exploitation allows attackers to take complete control of the site. The vulnerability can be exploited by a non-authenticated user and has been classified as "Highly Critical". SektionEins didn't release a PoC but released an advisory with technical details. The vulnerability exists in the expandArguments function, which is used for expanding arrays to handle SQL queries with the "IN" operator. The vulnerability affects Drupal core 7.x versions prio