Friday, March 25, 2016

Hack Drupal 7.31 with Pre-Auth SQL Injection Vulnerability

Introduction

Drupal is an open source content management platform powering millions of websites and applications. It is built, used, and supported by an active and diverse community of people around the world.
Drupal 7 is used by a vast number of sites, and every 7.x release up to and including 7.31 is vulnerable; the fix shipped in 7.32 (SA-CORE-2014-005 / CVE-2014-3704).
During a source code audit for a customer we found an SQL injection vulnerability in Drupal core's handling of SQL queries, which we disclosed to the vendor. With this bug an attacker can gain full control over any Drupal 7 site (admin privileges) without knowing anything about its internals and without authenticating. He can even execute PHP code without leaving a trace in Drupal's own logs; the single HTTP request that carries the attack shows up only in the web server's access log.
The bug was introduced in early 2011 and stayed well hidden in the core framework until now.

We will wait until enough sites have had time to update before we release a PoC, since this is a severe bug that allows an attacker to execute arbitrary code with a single HTTP request and no knowledge of the site whatsoever.

The Vulnerability

All database queries in Drupal are handled via prepared statements. Placeholders in the SQL text mark where user input is to be bound:
SELECT * FROM {users} WHERE name IN (:name_0, :name_1)
The statement is executed with values bound to :name_0 and :name_1, so the attacker cannot alter the SQL itself, since he only ever supplies values, never query text. The number of placeholders has to match the number of values, so Drupal uses a helper (DatabaseConnection::expandArguments() in includes/database/database.inc) to expand :name into :name_0, :name_1, .... That helper builds the suffix from the array key instead of from a counter, so an array is expanded to :name_$key0, :name_$key1. Because this expansion is done on the query string before it reaches PDO, the placeholder names themselves become part of the SQL text, and the prepared statement gives no protection against them. If the attacker controls $key0 and $key1 (for example by submitting a form field as name[...] rather than name), he can manipulate the query to look like this:
SELECT * FROM {users} WHERE name IN (:name_test) OR name = 'Admin' -- , :name_test)
which is an SQL injection that gives the attacker full control over the database: he can dump all data, delete the whole database or create new users, for example.
With control over the database, he can insert values that Drupal later hands to PHP callbacks, turning the injection into remote code execution on the web server.
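
The placeholder expansion described above, as an added example (a Python model written for this page, not Drupal's own PHP code): it reproduces the 7.31 behaviour that takes the suffix from the array key, beside the 7.32 fix that uses a counter, and adds a sanity check on the expanded placeholder names. The query string is the one from the post; the two POST bodies and the function names are constructed for illustration. Only the string expansion step is modelled, not PDO binding or the HTTP request.

```python
import re

# The query from the post. Drupal expands the array placeholder :name into
# :name_0, :name_1, ... before the string is handed to PDO as a prepared
# statement, so whatever the expansion produces IS the SQL text.
QUERY = "SELECT * FROM {users} WHERE name IN (:name)"

# Constructed sample inputs (not from the page). PHP builds these arrays from
# POST bodies such as
#   name[0]=alice&name[1]=bob                              (benign)
#   name[test) OR name = 'Admin' -- ]=x&name[test]=y       (malicious)
# The array KEYS are attacker controlled; the values are bound, never interpolated.
BENIGN_ARGS = {":name": {0: "alice", 1: "bob"}}
MALICIOUS_ARGS = {":name": {"test) OR name = 'Admin' -- ": "x", "test": "y"}}

# A placeholder name PDO would accept: a colon followed by word characters.
PLACEHOLDER = re.compile(r"^:\w+$")


def _expand(query, args, suffix_from_key):
    """Python model of DatabaseConnection::expandArguments() (hypothetical
    re-implementation for this example, not Drupal's PHP).

    suffix_from_key=True  reproduces Drupal <= 7.31: the suffix is the array key.
    suffix_from_key=False reproduces the 7.32 fix: the suffix is a 0-based
    counter (PHP: foreach (array_values($data) as $i => $value)).
    """
    args = dict(args)
    for key, data in list(args.items()):
        if not isinstance(data, dict):
            continue
        items = data.items() if suffix_from_key else enumerate(data.values())
        new_keys = {f"{key}_{i}": value for i, value in items}
        # Drupal uses preg_replace('#:name\b#', ...) so that expanding :name
        # does not also rewrite a placeholder such as :name_other.
        pattern = re.escape(key) + r"\b"
        query = re.sub(pattern, lambda _m: ", ".join(new_keys), query)
        del args[key]
        args.update(new_keys)
    return query, args


def expand_arguments_7_31(query, args):
    """Vulnerable expansion: attacker-controlled keys end up in the SQL text."""
    return _expand(query, args, suffix_from_key=True)


def expand_arguments_7_32(query, args):
    """Fixed expansion: keys are discarded, only the values are bound."""
    return _expand(query, args, suffix_from_key=False)


def expansion_is_sane(args):
    """Check a practitioner can bolt on: every expanded placeholder must be a
    plain :identifier. The 7.31 expansion of MALICIOUS_ARGS fails this."""
    return all(PLACEHOLDER.match(k) for k in args)


if __name__ == "__main__":
    for label, fn in (("7.31", expand_arguments_7_31), ("7.32", expand_arguments_7_32)):
        q, a = fn(QUERY, MALICIOUS_ARGS)
        print(f"{label}: {q}")
        print(f"      bound: {sorted(a)}  sane={expansion_is_sane(a)}")
```

Running the block prints the 7.31 expansion of the malicious input as exactly the injected query shown above, while the 7.32 expansion yields :name_0, :name_1 with the hostile key text discarded. The one-line change from iterating the keys to iterating array_values() is the whole fix.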

DORKS TO FIND VULNERABLE WEBSITES
-----------------------------------------------
inurl:drupal7/?q=
inurl:?q=node/
inurl:?q=node/1
inurl:?q=user/login
inurl:?q=user/register
intext:Powered by drupal
intitle: Drupal | inurl:?q=node/

These dorks locate Drupal sites in general, not confirmed-vulnerable ones; the version still has to be checked (for example via an exposed CHANGELOG.txt) before assuming a site is unpatched.

Exploit Available Here
=> http://www.mediafire.com/download/fo06tp37racktd2/drupal+exploit.py

7 comments:

  1. Seriously, if I can read all your comments and I know shag..all on how these systems work, then it can't be all that private, can it???? Come on guys, where's the real justification for all the big who ha about the so called dark web? Dark Web vpn for torrenting

  2. "Google Gravity is a search engine trick based on JavaScript. It was launched by Google in 2009 but after that it became inactive due to unknown reasons, but you can access it through some third party sites or directly from Google by turning off instant results and typing the keyword "Google Gravity" in the search bar, then pressing the "I'm Feeling Lucky" button instead of Search.

    There are many other Google Gravity tricks that you can try, and they're sort of fun games for people. You can even try yourself by using the keywords listed below.

    Google Gravity
    Google Underwater
    Google Terminal
    Go"

  3. I am always curious as to what the darknet is... As much as I want to surf on that page there is always a hesitation on my part because I'm afraid that most of the users of the darknet are hackers and I might get hacked by them.
    Joseph Donahue

  4. I thought this was interesting. At first I thought it was about something like witchcraft, etc. I would like to find out more about it. I wonder why it is not accessed on the regular web.
    CrazyAsk

  5. Really interesting! I've heard of the dark net but thought that only really savvy computer people could access it. Thank you so much for the information. I'm going to have a look, even though I don't think I will be able to find the interesting stuff like subversive political writing from people in repressed countries. I'll have fun looking though!

    Kelly Hubbard

  6. I've never heard of it, but can understand why it is needed by certain factors. This is interesting information.

    Harold Burton

  7. Good lord that's awful. Part of the problem with defending certain freedoms to people who are getting their information on some topics exclusively from the media (I'm not bashing the media, but they can't cover all the nuances of some topics) is that to them it can appear that you are defending monsters. I fully support the right of all people to have easy access to unbreakable cryptography, something which allowed these men to get away with and spread the contemptuous things they did for so long. To someone whose knowledge of Tor and the Darknet is this court case (and perhaps the unproven murder for hire accusations against Ross) then the only logical conclusion to draw is that I want children to be less safe and for child abusers to be able to get some kind of sick darknet fame while law enforcement is helpless against these men's digital security. However, the same core technology (strong encryption) that holds Tor together is also what keeps us all from having our identities stolen every time we put our credit card information into Amazon.

    On the topic at hand, I think people prefer to keep the darkest of the darknet a mythical unknown for several reasons. First, almost every single time there is a major deepweb child pornography bust the people arrested are just normal looking people; we don’t want to think that the people we see walking down the street every day may do unspeakable things when they’re alone. To a certain degree I think it’s less that humanity has a fear of the unknown as much as it has a compulsion to fear the unknown; these people, while the worst of the worst mankind has to offer, are a known fear, which makes them significantly less frightening than the untold monstrosities our imagination cooks up at the back of our minds.
    Paul Brown
