Detected a critical vulnerability in Drupal 7 (SA-CORE-2014-005)

Blog Categories

Basket of services

Company news

Thursday, 24 December 2015: Merry Christmas and Happy New Year!
Monday, 20 April 2015: Accepting payments through payment system Webmoney and Z-Payment restored
Saturday, 18 April 2015: Unavailable accepting payments via Webmoney and Z-Payment
Thursday, 05 March 2015: To order new services are available - DNS hosting and secondary DNS server
Wednesday, 25 February 2015: Added new ways to pay for services

Recent blog posts

Detected a critical vulnerability in Drupal 7 (SA-CORE-2014-005)

Saturday, 18 October 2014 00:44

The company Sektion Eins was found a critical vulnerability, which affects all versions of Drupal 7 branch. It allows you to execute arbitrary SQL-query the database Drupal without any rights in the system. Thus, for example, it is possible with absolutely no rights on your website, create a special request, which will create a new administrator or change the current password. The danger is defined as the highest. October 15 came kernel upgrade to version 7.32, which addresses the vulnerability. Developers are strongly advised to update the kernel immediately.

At the moment, already compromised a lot of sites for this CMS and break-ins continue.

Check if your site is hacked, as follows:

1. When hacking usually on site, new users with Administrator rights. Usually their logins drupaldev, drupal, system, but there may be others.

2. Quite often in the table menu_router site database insert malicious code. You can find it by doing a database query:

SELECT * FROM menu_router WHERE access_arguments LIKE '%form1(@$_COOKIE%';

When breaking, the attacker not only creates new administrators, but also downloads malicious files to the server.

If your site has been hacked, you must:

- Remove all users with administrator privileges to which you have no relationship.

- Perform a system update to the latest version.

- Check the database for the presence of Trojans.

- Find and delete all files created on a server containing malicious code. In this case, the malicious code can also be located in the files of the site. In this case, delete the file is not necessary, you just need to remove it from the part that contains malicious code.

Also, if your site has been hacked, you can order from us virus removal from the site, or scan your site for vulnerabilities.