The exploitation attempt will be detected by the existing “Drupalgeddon 2” signature.

Mitigating the vulnerability with BIG-IP ASM

BIG-IP ASM customers under any supported BIG-IP version are already protected against this vulnerability.

If it finds such dangerous values, it removes the “destination” parameter from the request.

Figure 2: RequestSanitizer.php github commit fixing the vulnerability.

The patch submitted by Drupal’s developers added the “checkDestination” function to the “RequestSanitizer.php” file that checks if a “destination” parameter exists in the request and checks whether it contains dangerous values such as array keys starting with “#” (e.g.

When submitting the node delete request, Drupal passes a “destination” parameter with a URL to redirect to when the deletion process finishes, and this is where an attacker can inject their payload.

Although the vulnerability was classified by Drupal as “Highly Critical”, to exploit this vulnerability the attacker is required to have permission for at least deleting content from the vulnerable Drupal site.

Figure 1: Node deletion request attempting to exploit CVE-2018-7602

Such a case was found when deleting a node in Drupal (a Drupal node can be any content submitted to the site, such as an article, a page, etc.).

We can access the exploit module in Metasploit as shown below.

Security Level: low

It is just throwing back the argument value used in the GET request. If the server doesn’t sanitize our input, we can exploit it and perform unusual activity. Here the system is using PHP, so we will somehow inject some PHP code/command.

It was found that the sanitization function that was added to address the “Drupalgeddon 2” vulnerability does not cover the case where a parameter contains a path that may be parsed by Drupal’s Forms API. The popular exploitation framework Metasploit has released an exploit module with its latest update for exploiting the Drupal RCE. This type of attack exploits poor handling of untrusted data.
This new vulnerability is similar to CVE-2018-7600, also known as “Drupalgeddon 2”. A new critical Remote Code Execution vulnerability in Drupal core was published.
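The “destination” check described above can be sketched as follows. This is an added example, not the code from Drupal’s RequestSanitizer.php: the function names, the sample requests and the choice to look for the “#” keys in the query string of the destination URL are assumptions made for illustration.

```php
<?php
// Added illustration; not Drupal's own implementation.

/** Recursively report whether any array key starts with '#'. */
function has_hash_key(array $values): bool
{
    foreach ($values as $key => $value) {
        if (is_string($key) && $key !== '' && $key[0] === '#') {
            return true;
        }
        if (is_array($value) && has_hash_key($value)) {
            return true;
        }
    }
    return false;
}

/**
 * Remove "destination" from the request parameters when it carries
 * '#'-prefixed array keys. Returns true when the parameter was removed.
 */
function check_destination(array &$params): bool
{
    if (!isset($params['destination'])) {
        return false;
    }
    $dest = $params['destination'];
    if (is_array($dest)) {
        $parsed = $dest;                 // already an array: inspect its keys
    } else {
        // Assumption: the keys arrive in the query part of the URL.
        $query = parse_url((string) $dest, PHP_URL_QUERY);
        if (!is_string($query) || $query === '') {
            return false;                // nothing to parse, nothing to strip
        }
        parse_str($query, $parsed);      // decodes %23 to '#', builds nested arrays
    }
    if (has_hash_key($parsed)) {
        unset($params['destination']);
        return true;
    }
    return false;
}

// Constructed sample requests (placeholder key name, not a real payload).
$benign  = ['destination' => 'node/1?page=2'];
$suspect = ['destination' => 'node/1?a[%23example]=1'];
var_dump(check_destination($benign));
var_dump(check_destination($suspect));
var_dump(isset($suspect['destination']));
```

The check decodes the query string before inspecting keys, so a percent-encoded “#” (`%23`) is caught the same way as a literal one.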