ThreatNix reports, the Drupal team publicly acknowledged a severe vulnerability in the open source CMS Drupal on March with the release of a patch to address the vulnerability. The vulnerability stemming from the insecure handling of user inputs received from form API AJAX requests allows unauthenticated, remote code execution in the affected website. The vulnerability can be leveraged to completely take over an affected site.
The POC exploit for the vulnerability has been recently released by a Russian security researcher after Check Point, and Dofinity published the technical details of the vulnerability. Following the public release of the exploit,
After Check Point and Dofinity published the technical aspects of the vulnerability, Russian security researched released the POC exploit for the vulnerability. Researchers from Sucuri, Imperva, and the SANS Internet Storm Center have observed automated attempts to develop the weakness named Drupalgeddon2 originating from hundreds of sources. Many attempts to exploit more than a million websites built on Drupal have been identified over the past couple of days.
According to ThreatNix, this vulnerability that affects Drupal versions 6 to 8 is being used to compromise sites to embed crypto miners within them. This exploit has further boosted the injection of crypto miners by taking over websites which have been a trend among malicious actors for quite some time now.
Drupal is a free and open source content management framework written in PHP and distributed under the GNU General Public License. Drupal provides a back-end framework for at least 2.3% of all websites worldwide – ranging from personal blogs to corporate, political, and government sites. Systems also use Drupal for knowledge management and business collaboration.
As of January 2018, the Drupal community is composed of more than 1.3 million members, including 109,800 users actively contributing, resulting in more than 39,500 free modules that extend and customize Drupal functionality, over 2,570 free themes that change the look and feel of Drupal, and at least 1,200 free distributions that allow users to quickly and easily set up an elaborate, use-specific Drupal in fewer steps.
Drupal 7.58 or Drupal 8.5.1 should be immediately upgraded by website administrator to remove the vulnerability. While Drupal 6, also affected by the vulnerability, is no longer supported, a patch was still provided to address the weakness in this version.
Many reputed IT professionals have publicly warned against the issues. They unsurprisingly have asked people to immediately update Drupal to the patched version and to consider themselves hacked if they do not do so quickly.