|
|
Drupal XSS Vulnerability (main page and sub pages): msg#00302security.bugtraq
------------------------------------------------------ Drupal XSS Vulnerability (main page and sub pages) ------------------------------------------------------ Any kind of XSS attacks possibility. An attacker could access other users/admin drupal accounts. ------------------------------------------------------ About Drupal; ------------------------------------------------------ www.drupal.com Drupal is an open-source platform and content management system for building dynamic web sites offering a broad range of features and services including user administration, publishing workflow, discussion capabilities, news aggregation, metadata functionalities using controlled vocabularies and XML publishing for content sharing purposes. Equipped with a powerful blend of features and configurability, Drupal can support a diverse range of web projects ranging from personal weblogs to large community-driven sites. ------------------------------------------------------ Vulnerable; ------------------------------------------------------ TESTED; Drupal 4.2.0 RC NOT TESTED - %90 VULNERABLE; Drupal 4.1.0 Drupal 4.0.0 Drupal 3.0.2 Drupal 3.0.1 Drupal 3.0.0 Drupal 2.0.0 Drupal 1.0.0 ------------------------------------------------------ Not Vulnerable; ------------------------------------------------------ Drupal 4.2.0 RC ------------------------------------------------------ Vendor Status; ------------------------------------------------------ Vendor replied and fixed quickly. ------------------------------------------------------ Solution & Patches; ------------------------------------------------------ xss-cvs.patch xss-4.2.0-rc.patch xss-4.1.0.patch Download Patch Files : http://ferruh.mavituna.com/opensource/patches/drupalpatch.zip Better one download new version from www.drupal.org [All files provided by Vendor] ------------------------------------------------------ Exploit Code; ------------------------------------------------------ http://[victim]/xxx"][script]alert(document.domain)]/script][" ------------------------------------------------------ Exploit - 2; ------------------------------------------------------ http://[victim]/node/view/666";><script>alert(document.domain)</script> Replace "[]","<>" ------------------------------------------------------ History; ------------------------------------------------------ 30.05.2003 - Discovered 03.05.2003 - Vendor Informed 03.05.2003 - Fixed by Vendor Ferruh Mavituna Web Application Security Specialist http://ferruh.mavituna.com ferruh@xxxxxxxxxxxx |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Cisco IOS exploit (44020): 00302, Martin Kluge |
|---|---|
| Next by Date: | RE: Disclosure-for-pay?: 00302, Martin Walker |
| Previous by Thread: | Cisco IOS exploit (44020)i: 00302, Martin Kluge |
| Next by Thread: | Path disclosure and file retrieving in AtomicBoard-0.6.2: 00302, gr00vy |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | Mail Home | sitemap | FAQ | advertise |