Full Disclosure mailing list archives
Re: [Security-news] SA-CONTRIB-2012-051 - Activity - Multiple Vulnerablities
From: Greg Knaddison <greg.knaddison () acquia com>
Date: Thu, 29 Mar 2012 06:35:06 -0600
I should note that Justin was a reporter of the issue to the Drupal Security Team. When writing the advisory he was mistakenly excluded. That's been corrected in the html version of this advisory http://drupal.org/node/1506562 On Wed, Mar 28, 2012 at 4:40 PM, Justin C. Klein Keane <justin () madirish net> wrote:
Exploit for bespoke:
<snip>
Patch:
<snip> Note that Justin's POC and patch below only address the XSS issue and not the CSRF issue. Regards, Greg -- Director Security Services | +1-720-310-5623 Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [Security-news] SA-CONTRIB-2012-051 - Activity - Multiple Vulnerablities security-news (Mar 28)
- Re: [Security-news] SA-CONTRIB-2012-051 - Activity - Multiple Vulnerablities Justin C. Klein Keane (Mar 28)
- Re: [Security-news] SA-CONTRIB-2012-051 - Activity - Multiple Vulnerablities Greg Knaddison (Mar 29)
- Re: [Security-news] SA-CONTRIB-2012-051 - Activity - Multiple Vulnerablities Justin C. Klein Keane (Mar 28)