Drupal websites hacked using SQL injection flaw

Kevin Lancaster · May 23, 2016

Drupal websites hacked using SQL injection flaw

Hackers have attacked hundreds of Drupal websites, installing ransomware that hijacks the website’s main page.

Garson007 · May 23, 2016

Hahahahahahaha. Wut. What software today still allows SQL injection? Bad dev.

Batista · May 23, 2016

Garson007 said:
Hahahahahahaha. Wut. What software today still allows SQL injection? Bad dev.

2 years ago i injected into our companies www.I scraped all the passwords and logins for the hosting company and then emailed them their whole database in excel.To this date I still havnt been thanked for exposing their weak ass security.

Garson007 · May 23, 2016

The problem is that it's a security problem that's been fixed for yonks. How do developers still use a method they know is unsafe, when a trivially simple secure function exists?

rrh · May 23, 2016

Garson007 said:
Hahahahahahaha. Wut. What software today still allows SQL injection? Bad dev.

I agree that it's bad development. OTOH SQL injection still tops OWASP's top ten ...

rrh · May 23, 2016

Batista said:
2 years ago i injected into our companies www.I scraped all the passwords and logins for the hosting company and then emailed them their whole database in excel.To this date I still havnt been thanked for exposing their weak ass security.

It's also unlikely that they have fixed the problem

Join the MyBroadband community

Get started

Drupal websites hacked using SQL injection flaw

Kevin Lancaster

MyBroadband Editor

Garson007

Honorary Master

Batista

Executive Member

Garson007

Honorary Master

rrh

Expert Member

rrh

Expert Member