Slashdot Mirror

← Back to Stories (view on slashdot.org)

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw

Posted by timothy on from the big-targets-get-hit-first dept.

Trailrunner7 writes The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.

2 of 76 comments (clear)

  1. Actual irony? by TWX · · Score: 5, Funny

    SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks

    Would this be actual irony, as opposed to Alanis Morrissette irony?

    --
    Do not look into laser with remaining eye.
    1. Re:Actual irony? by bill_mcgonigle · · Score: 3, Funny

      Would this be actual irony, as opposed to Alanis Morrissette irony?

      That a song with that name contains no actual examples of irony is ______.

      This message brought to you by Deep Metathinking and the Number 12.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)