Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 14 Jan 2011 12:40:19 +0800

On Fri, Jan 14, 2011 at 4:28 AM, Justin Klein Keane <justin () madirish net> wrote:
Hash: SHA1

Drupal security has been aware of this issue for quite some time now.
But basically, as their response indicates, you need admin access to
exploit these issues.  However, if you have admin access you can execute
PHP and basically do anything you want.  Your vulnerability hinges on
being able to bypass the CSRF security in place in Drupal.  Seems like a
bit of a stretch to release this as an advisory.  Why not include the
fact that if you can bypass the CSRF detection you can also execute
arbitrary code with the privileges of the web server?

"If you 0wn a server, you 0wn one machine"

"If you 0wn clients, you 0wn thousands of machine".


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]