Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites


On October 29, 2014, the Drupal Security Team released advisory identifier DRUPAL-PSA-2014-003. This advisory informed administrators of Drupal-based Web sites that all Drupal-based Web sites utilizing vulnerable versions of Drupal should be considered compromised if they were not patched/upgraded before 2300 UTC on October 15, 2014 (seven hours following the initial announcement of the vulnerability in SA-CORE-2014-005).
In the case of the Drupageddon vulnerability, the database abstraction layer provided by Drupal included a function called expandArguments that was used in order to expand arrays that provide arguments to SQL queries utilized in supporting the Drupal installation. Due to the way this function was written, supplying an array with keys (rather than an array with no keys) as input to the function could be used in order to perform an SQL injection attack.
-
- Login or register to post comments
Printer-friendly version
- 3102 reads
PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
today's howtos
| Red Hat Hires a Blind Software Engineer to Improve Accessibility on Linux Desktop
Accessibility on a Linux desktop is not one of the strongest points to highlight. However, GNOME, one of the best desktop environments, has managed to do better comparatively (I think).
In a blog post by Christian Fredrik Schaller (Director for Desktop/Graphics, Red Hat), he mentions that they are making serious efforts to improve accessibility.
Starting with Red Hat hiring Lukas Tyrychtr, who is a blind software engineer to lead the effort in improving Red Hat Enterprise Linux, and Fedora Workstation in terms of accessibility.
|
Today in Techrights
| Android Leftovers |
Recent comments
7 weeks 3 days ago
7 weeks 3 days ago
7 weeks 3 days ago
7 weeks 4 days ago
7 weeks 4 days ago
7 weeks 4 days ago
7 weeks 4 days ago
7 weeks 4 days ago
7 weeks 4 days ago
7 weeks 4 days ago