簡介

Drupal 7 出現 SQL Injection 漏洞，可讓任意匿名使用者執行任意操作。

Warning

• Versions of Drupal 7 prior to 7.32

問題點

diff --git a/includes/database/database.inc b/includes/database/database.inc
index f78098b..01b6385 100644
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -736,7 +736,7 @@ abstract class DatabaseConnection extends PDO {
// to expand it out into a comma-delimited set of placeholders.
foreach (array_filter($args, 'is_array') as $key => $data) {
$new_keys = array();
- foreach ($data as $i => $value) {
+ foreach (array_values($data) as $i => $value) {
// This assumes that there are no other placeholders that use the same
// name. For example, if the array placeholder is defined as :example
// and there is already an :example_2 placeholder, this will generate

結論

更新至最新版 Ver. 7.32 。

參考資料：http://www.zdnet.com/sql-injection-flaw-opens-drupal-sites-to-attack-7000034719/

參考資料：http://www.oschina.net/news/56164/drupal-patches-sql-injection-vulnerbility