SQL Injection

Drupal Sites Hacked Worldwide in October 2014

Security Exploit revealed in October allows total control of YOUR Drupal site

In mid-October Drupal announced a serious defect in the Database Abstraction Layer allowing guest users to gain full access to a site and server. The security notice can be found in the FAQ on SA-CORE-2014-005 on the Drupal website.

This exploit lets attackers place their own PHP files on your server for remote execution, or inject their own code into pre-existing files.

Ways to detect a breached system - and steps to remediate:


Look for files with a datestamp in October 2014

If you didn't upload any new versions or modules in October 2014, there should be no PHP or include files with these datestamps. Use the Linux find command to list files last edited on or after October 1st, 2014, and then check those files.

Locate files with PCT4BA6ODSE_ in them
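
One way to script the two checks above, as an added example that is not from the original post. It assumes a find that supports -newermt (GNU findutils or a recent BSD find); the function names and the extra extensions beyond .php and .inc (.module, .install) are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage a Drupal docroot for the two indicators described above.
# Usage: sh drupal_triage.sh /path/to/docroot   (path is a placeholder)

CUTOFF='2014-09-30 23:59:59'   # anything newer is "on or after October 1st, 2014"
MARKER='PCT4BA6ODSE_'          # string named on this page

# List PHP/include files whose modification time is on or after 2014-10-01.
# The .module and .install patterns are an assumption (other Drupal code files).
recent_code_files() {
    find "$1" -type f \
        \( -name '*.php' -o -name '*.inc' -o -name '*.module' -o -name '*.install' \) \
        -newermt "$CUTOFF" -print | sort
}

# List every file, of any extension and any date, that contains the marker.
marker_files() {
    grep -rlF -- "$MARKER" "$1" 2>/dev/null | sort
}

# Print both lists; return non-zero if either is non-empty so cron can alert.
triage() {
    recent=$(recent_code_files "$1")
    marked=$(marker_files "$1")
    [ -n "$recent" ] && printf 'Modified since 2014-10-01:\n%s\n' "$recent"
    [ -n "$marked" ] && printf 'Contain %s:\n%s\n' "$MARKER" "$marked"
    [ -z "$recent" ] && [ -z "$marked" ]
}

# Run only when a docroot is given on the command line.
if [ -n "${1:-}" ]; then triage "$1"; fi
```

An empty result does not prove the site is clean: modification times can be reset by anyone with write access to the files, so use this as a first triage pass.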
