Collaborate Disseminate
My drupal website was getting hacked recently. While cleaning up the malicious scripts, I found that the hacker uploaded an image file (sites/default/files/test.jpg) contains below code.
error_reporting(0);
require_once(‘includes/session.i… Continue reading PHP code in image file
This week we’re starting off with a somber note, as Dan Kaminsky passed at only 42, of diabetic ketoacidosis. Dan made a name for himself by noticing a weakness in …read more Continue reading This Week in Security: Dan Kaminsky, Banned from Kernel Development, Ransomware, And The Pentagon’s IPv4 Addresses
Edtech is so widespread, we already need more consumer-friendly nomenclature to describe the products, services and tools it encompasses. Continue reading Extra Crunch roundup: Edtech VC survey, 5 founder mistakes, fintech liquidity, more
I am trying to figure out what a php malware attack is doing.
It looks like the code got injected into php files throughout the application.
There are multiple files with weird names created.
All index.php files have a .ico file @include w… Continue reading How does this php malware code work? [closed]
Moving from dorm room to billion-dollar exit is the dream of every startup founder. Dries Buytaert got there by being bold, working hard and thinking big. Continue reading Drupal’s journey from dorm-room project to billion-dollar exit
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits for one of core’s dependencies and some configurations of Drupal are vul… Continue reading Out-of-band Drupal security updates fix bugs with known exploits
Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also been urged to check that the vulnerability hasn’t already been covertly… Continue reading Drupal-based sites open to attack via double extension files (CVE-2020-13671)
Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several interesting issues whose technical details are worth… Continue reading Drupal Core: Behind the Vulnerability
Acquia, the commercial company built on top of the open source Drupal content management system has pushed to be more than a publishing platform in recent years, using several strategic acquisitions to move into managing customer experience, and today the company announced a new approach to developing and marketing on the Drupal Cloud. This involves […] Continue reading New Acquia platform looks to bring together developers, marketers and data
Drupal’s security team has fixed three vulnerabilities in the popular content management system’s core, one of which (CVE-2020-13663) could be exploited to achieve remote code execution. Drupal is a free and open-source web content manageme… Continue reading Drupal fixes three vulnerabilities, including one RCE