
Full Disclosure mailing list archives
Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 14 Jan 2011 12:40:19 +0800
On Fri, Jan 14, 2011 at 4:28 AM, Justin Klein Keane <justin () madirish net> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Drupal security has been aware of this issue for quite some time now. But basically, as their response indicates, you need admin access to exploit these issues. However, if you have admin access you can execute PHP and basically do anything you want. Your vulnerability hinges on being able to bypass the CSRF security in place in Drupal. Seems like a bit of a stretch to release this as an advisory. Why not include the fact that if you can bypass the CSRF detection you can also execute arbitrary code with the privileges of the web server?

"If you 0wn a server, you 0wn one machine"
"If you 0wn clients, you 0wn thousands of machines".

http://cyberinsecure.com/?s=iframe

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/