Closed (fixed)
Project: Bibliography Module
Version: 7.x-1.0-rc6
Component: Code
Priority: Critical
Category: Bug report
Assigned: Unassigned
Reporter:
Created: 17 Jul 2013 at 16:06 UTC
Updated: 7 Aug 2013 at 13:51 UTC
Moving to the public issue queue since the 7.x version does not have a stable release.
This should be applied and a new release made (marked security).
| Comment | File | Size | Author |
|---|---|---|---|
| | biblio-pages-order_0.patch | 3.32 KB | pwolanin |
Comments
Comment #1
aitala commented
Hmm... this explains much about a site from which I recently removed the biblio module.
E
Comment #2
rjerome commented
Fixed in rc6
Comment #3
greggles
@aitala - do you mean that you believe the site was attacked via SQL injection?
Comment #4
aitala commented
I was testing the biblio module and never made it publicly available. Once I disabled and removed it, I noticed a number of 'page not found' errors from anonymous users trying to access it. Seems odd to me...
E
Comment #5
greggles
@aitala - did the "page not found" errors have odd parameters that looked like SQL injection? Those would be something like "DESC UNION NEW QUERY STATEMENT HERE;" or "DESC; NEW QUERY STATEMENT HERE;" so they would be pretty obvious as SQL injection.
Comment #6
aitala commented
@greggles - No, but they did appear to be doing a sort or an order at the Drupal level. If I had seen any SQL, I would have known there was a hack attempt. It looked to be more of a probe than anything else.
The site in question was in WordPress (over a year ago), but I still see attempts to get at the WP login/signup pages. And the site gets very little traffic so I gather it got on some sort of 'Attack Me' list somewhere.
E
Comment #7
greggles
Unfortunately that seems to be every domain and every IP on the internet ;) In my experience, automated bots/spiders (whether malicious or not) start probing sites within days of their existence and never seem to stop.
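
Added example (not part of the thread, the patch, or the module's code): a Python log check for the kind of request Comment #5 describes, flagging sort/order query values that are not a bare column name or `asc`/`desc`. The parameter names `sort` and `order`, the `/biblio` path and the log lines are constructed assumptions; the payload text is the placeholder string from Comment #5.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: the listing takes its sort column and direction from query
# parameters named "sort" and "order"; adjust to the names in your own logs.
COLUMN_PARAMS = {"sort"}
DIRECTION_PARAMS = {"order"}
ALLOWED_DIRECTIONS = {"asc", "desc"}
COLUMN_RE = re.compile(r"[A-Za-z0-9_]+")  # a bare identifier, nothing else

# Request line and status code inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_params(url):
    """Return [(name, value)] for sort/order values that fail the allow-list."""
    hits = []
    query = urlsplit(url).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            value = unquote(value).strip()  # undo a second layer of %-encoding
            if name in DIRECTION_PARAMS and value.lower() not in ALLOWED_DIRECTIONS:
                hits.append((name, value))
            elif name in COLUMN_PARAMS and not COLUMN_RE.fullmatch(value):
                hits.append((name, value))
    return hits

def scan(lines):
    """Yield (status, url, hits) for log lines with non-plain sort/order values."""
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield int(match.group(2)), match.group(1), hits

# Constructed sample log lines (documentation addresses, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2013:16:06:00 +0000] "GET /biblio?sort=year&order=desc HTTP/1.1" 404 512',
    '192.0.2.11 - - [17/Jul/2013:16:07:00 +0000] "GET /biblio?sort=year&order=DESC%3B%20NEW%20QUERY%20STATEMENT%20HERE%3B HTTP/1.1" 404 512',
    '192.0.2.12 - - [17/Jul/2013:16:08:00 +0000] "GET /biblio?sort=title&order=asc HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    for status, url, hits in scan(SAMPLE_LOG):
        print(status, url, hits)
```

Requests that only carry ordinary sort and order values, like the probes described in Comment #6, pass this check; only values outside the allow-list are reported.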