Drupalgeddon2: operation of SA-CORE-2018-002

Drupalgeddon2 still came to us.
 
 
Drupalgeddon2: operation of SA-CORE-2018-002
 
 
What happened? After the insane announcement of "one of the most terrible vulnerabilities of Drupal," everyone froze in anticipation of a working exploit and after 4 days even began to feel a bit sad, believing that the whole panic was in vain, since no one could come up with anything worthwhile. But it was worth only CheckPoint'u today publish working PoC on SA-CORE-2018-00? as the army of bots started attacking sites on Drupal, which is called "in the wild". pastebin.com/raw/b8eiGQRV (URL is taken directly from the query). What hackers will do with them further - depends on their imagination. Given the popularity of the miners, most likely backdoors will be used to host js-miners on the pages (or run the mining processes on the server), download phishing pages or spam mailers.
+ 0 -

Add comment