Shortly after the public disclosure of the critical vulnerability in Drupal code, hackers started to exploit it.
Not too long ago a highly critical remote code execution vulnerability, named Drupalgeddon2, was discovered in Drupal’s content management system software. By exploiting it, hackers could completely take over vulnerable websites.
This kind of problem can be easily evaded if a robust cybersecurity solution is present on every device that you own. Depending on which OS is installed on your device, it is imperative to install an antivirus for Windows or an antivirus for Mac. Companies should also use the services of a cybersecurity firm to verify their internal network by running various tests, such as penetration tests and ethical hacking tests.
After finding the vulnerability, the company behind Drupal immediately released updated versions of Drupal CMS without releasing any technical details of the vulnerability. By doing this they gave more than enough time to almost a million sites, which were affected by this critical flaw, to patch this issue.
A couple of days ago, a complete technical report about this vulnerability (CVE-2018-7600), including proof-of-concept (PoC) exploit code for Drupalgeddon2, was published on GitHub.
Shortly after the public release of the PoC exploit we started seeing attempts to exploit Drupalgeddon2.
The Drupalgeddon2 vulnerability affects all versions of Drupal from 6 to 8. It allows an unauthenticated, remote hacker to execute malicious code on default or common Drupal installations.
The vulnerability exists due to insufficient sanitization of inputs passed via Form API (FAPI) AJAX requests.
Because of this, a hacker can inject a malicious payload into the internal form structure, leading to a full site takeover of any Drupal customer.
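Drupal form and render arrays mark their internal properties with keys that begin with '#', so input submitted by a user should never carry such keys. The following is an added example, not code from Drupal or from this article, showing an input filter that strips those keys from nested request data and records what it removed; the function name, its parameters and the sample data are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Recursively drop array keys that start with '#' from untrusted input.
 * Hypothetical helper for illustration (added example, not Drupal's own code).
 *
 * @param array $input   Untrusted, possibly nested request data.
 * @param array $allowed '#'-prefixed keys the application explicitly permits.
 * @param array $removed Receives the path of every key that was stripped.
 * @param string $path   Internal: path of the array currently being walked.
 */
function strip_property_keys(array $input, array $allowed, array &$removed, string $path = ''): array
{
    $clean = [];
    foreach ($input as $key => $value) {
        $here = $path === '' ? (string) $key : $path . '[' . $key . ']';
        // Integer keys can never be property names; only inspect string keys.
        if (is_string($key) && $key !== '' && $key[0] === '#' && !in_array($key, $allowed, true)) {
            $removed[] = $here; // keep the path for logging and alerting
            continue;
        }
        // Descend into nested arrays so deeply buried keys are caught too.
        $clean[$key] = is_array($value)
            ? strip_property_keys($value, $allowed, $removed, $here)
            : $value;
    }
    return $clean;
}

// Constructed sample: submitted form values with a property-style key nested inside.
$submitted = [
    'name' => 'alice',
    'mail' => [
        'value' => 'alice@example.org',
        '#example_property' => 'user-controlled value',
    ],
    'tags' => ['news', 'security'],
];

$removed = [];
$clean = strip_property_keys($submitted, [], $removed);

var_dump(array_key_exists('#example_property', $clean['mail']));
print_r($removed);
```

A filter like this would run over `$_GET`, `$_POST` and `$_COOKIE` before any form handling, with the removed paths written to a log that is monitored. It complements, and does not replace, updating to Drupal 7.58 or Drupal 8.5.1.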
We highly recommend that site administrators who are still running vulnerable versions of Drupal patch the vulnerability by updating their CMS to Drupal 7.58 or Drupal 8.5.1 as soon as possible.
Remember that only a robust cybersecurity solution can protect your device from all types of cyber attacks. The use of an active antivirus is mandatory. We strongly recommend that everyone install an antivirus for Windows or an antivirus for Mac, depending on which OS your devices run. If you are a company, please check your network integrity by hiring top cybersecurity firms to perform various tests, such as penetration tests and ethical hacking tests, at least once a year.