Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 14 Jan 2011 12:40:19 +0800
On Fri, Jan 14, 2011 at 4:28 AM, Justin Klein Keane <justin () madirish net> wrote:
> Drupal security has been aware of this issue for quite some time now.
> But basically, as their response indicates, you need admin access to
> exploit these issues. However, if you have admin access you can execute
> PHP and basically do anything you want. Your vulnerability hinges on
> being able to bypass the CSRF security in place in Drupal. Seems like a
> bit of a stretch to release this as an advisory. Why not include the
> fact that if you can bypass the CSRF detection you can also execute
> arbitrary code with the privileges of the web server?
"If you 0wn a server, you 0wn one machine"
"If you 0wn clients, you 0wn thousands of machines".
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/