SQL Injection vulnerability in Drupal 7.x

Security researchers from SektionEins have discovered a critical SQL Injection vulnerability in Drupal CMS that leaves a large number of websites that uses Drupal at risk.
Drupal introduced a database abstraction API in version 7.  The purpose of this API is to prevent SQL Injection attacks by sanitizing SQL Queries. But, this API itself introduced a new and critical SQL Injection vulnerability. 
 The vulnerability enables attackers to run malicious SQL queries, PHP code on vulnerable websites.  A successful exploitation allows hackers to take complete control of the site. This vulnerability can be exploited by a non-authenticated user and has been classified as "Highly Critical" one. SektionEins didn't release the POC but released an advisory with technical details.
 The vulnerability exists in the expandArguments function which is used for expanding arrays to handle SQL queries with "IN" Operator.  The vulnerability affects Drupal core 7.x versions prior.  Users of 7.x versions are advised to update their CMS immediately. You can also directly modify the "includes/database.inc" file to patch this vulnerability; Change the "foreach ($data as $i => $value) {"  with "foreach (array_values($data) as $i => $value) {"  in 739 line

A proof of Concept has been released online that allows anyone to change the password of admin account.  So, better Hurry UP! Update your Drupal CMS.
The following python Code changes the admin password of vulnerable Drupal to 'admin' (Tested with Drupal versions 7.21,7.31). 

Comments

Popular posts from this blog

The power of Bluetooth 4.0

How to hack your xbox 360 completely

Wii Remote IR Camera Hack with Arduino Interface