Full Disclosure mailing list archives
Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
From: Justin Klein Keane <justin () madirish net>
Date: Fri, 14 Jan 2011 12:35:43 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think I should also point out that I disclosed these vulnerabilities starting in May of 2009 (http://www.madirish.net/?article=256, and similarly http://www.madirish.net/?article=429) and went through this same discussion already.

Justin Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed using the public key at http://www.madirish.net/gpgkey

On 01/13/2011 11:40 PM, YGN Ethical Hacker Group wrote:
> On Fri, Jan 14, 2011 at 4:28 AM, Justin Klein Keane <justin () madirish net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Drupal security has been aware of this issue for quite some time now. But basically, as their response indicates, you need admin access to exploit these issues. However, if you have admin access you can execute PHP and basically do anything you want. Your vulnerability hinges on being able to bypass the CSRF security in place in Drupal. Seems like a bit of a stretch to release this as an advisory. Why not include the fact that if you can bypass the CSRF detection you can also execute arbitrary code with the privileges of the web server?
>
> "If you 0wn a server, you 0wn one machine"
> "If you 0wn clients, you 0wn thousands of machine".
>
> http://cyberinsecure.com/?s=iframe
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 13)
- Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 13)
- Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability Justin Klein Keane (Jan 13)
- Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 13)
- Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability Justin Klein Keane (Jan 14)
- Re: Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 13)