Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
From: Justin Klein Keane <justin () madirish net>
Date: Fri, 14 Jan 2011 12:35:43 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think I should also point out that I disclosed these vulnerabilities
starting in May of 2009 (http://www.madirish.net/?article=256, and
similarly http://www.madirish.net/?article=429) and went through this
same discussion already.

Justin Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed using
the public key at http://www.madirish.net/gpgkey

On 01/13/2011 11:40 PM, YGN Ethical Hacker Group wrote:
On Fri, Jan 14, 2011 at 4:28 AM, Justin Klein Keane <justin () madirish net> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Drupal security has been aware of this issue for quite some time now.
But basically, as their response indicates, you need admin access to
exploit these issues.  However, if you have admin access you can execute
PHP and basically do anything you want.  Your vulnerability hinges on
being able to bypass the CSRF security in place in Drupal.  Seems like a
bit of a stretch to release this as an advisory.  Why not include the
fact that if you can bypass the CSRF detection you can also execute
arbitrary code with the privileges of the web server?




"If you 0wn a server, you 0wn one machine"

"If you 0wn clients, you 0wn thousands of machine".


http://cyberinsecure.com/?s=iframe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iPwEAQECAAYFAk0wiW8ACgkQkSlsbLsN1gCVogb/UblV3d/Cr/IjEw2iDImjRJ7i
tBwbNXt4TTKsgvjmTeR2kpy+KfVlJbF3z/+bozPhXokE0x8pN3ZsSq/Y+fymkeIh
ZQEc3JqibK3ouydisVB/mr9+K/Uu9Ob4z4povbhf+LaOT/LcoNOsLGdQBkopqEaO
uGxWAVJy9h4OrQmEcnK6epQLk41ho32woLveAarl/bKEiYouaxSNVFXEFt8Shsgg
Is4EBraRnezS2KreRobYNYyMXveC0WBIPR3OLTxVC8Eq050c7yp9pwYLy5Jx1AcM
P5LYv2smfmiQhhU8jrY=
=/g0a
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault