Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites


On October 29, 2014, the Drupal Security Team released advisory DRUPAL-PSA-2014-003. The advisory told administrators that every Drupal-based Web site running a vulnerable version of Drupal should be considered compromised unless it was patched or upgraded before 2300 UTC on October 15, 2014 (seven hours after the initial announcement of the vulnerability in SA-CORE-2014-005).

In the case of the Drupageddon vulnerability, Drupal's database abstraction layer included a function called expandArguments, which expands arrays supplied as arguments to the SQL queries that support the Drupal installation. Because of the way this function was written, supplying an array with keys (rather than an array with no keys) as input could be used to perform an SQL injection attack.
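The sketch below is an added example, not Drupal's source code and not part of the original article. It is a simplified model of array-placeholder expansion showing how array keys can reach the SQL text, alongside a hardened form that re-indexes the array first. The function name `expand_placeholders`, the `$reindex` switch, the query, and the sample input are all assumptions made for illustration.

```php
<?php
// Simplified model of array-placeholder expansion (illustration only).
// With $reindex = false the array keys are trusted, as in the defect described above.
// With $reindex = true the keys are discarded and replaced by 0, 1, 2, ...
function expand_placeholders(string $query, array $args, bool $reindex): array
{
    foreach (array_filter($args, 'is_array') as $name => $values) {
        if ($reindex) {
            // Hardened form: caller-supplied keys never reach the SQL text.
            $values = array_values($values);
        }
        $expanded = [];
        foreach ($values as $key => $value) {
            // The key becomes part of the placeholder name written into the query.
            $expanded[$name . '_' . $key] = $value;
        }
        $query = preg_replace(
            '#' . preg_quote($name, '#') . '\b#',
            implode(', ', array_keys($expanded)),
            $query
        );
        unset($args[$name]);
        $args += $expanded;
    }
    return [$query, $args];
}

// Constructed input: the first key carries extra text instead of a plain index.
$args = [':ids' => ['0 /* text from array key */' => 10, 1 => 20]];
$sql  = 'SELECT name FROM users WHERE uid IN (:ids)';

foreach ([false, true] as $reindex) {
    [$expandedSql, $bound] = expand_placeholders($sql, $args, $reindex);
    echo $reindex ? "hardened:   " : "vulnerable: ", $expandedSql, "\n";

    // Defensive check: every bound placeholder name must be a plain identifier.
    $suspect = array_filter(
        array_keys($bound),
        fn($name) => !preg_match('/^:\w+$/', (string) $name)
    );
    echo "  placeholders that are not plain identifiers: ", count($suspect), "\n";
}
```

In the vulnerable mode the key text appears verbatim inside the statement before it is prepared, which is why parameter binding alone does not help; the identifier check at the end is the kind of assertion that catches this class of defect in tests.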