Full Disclosure mailing list archives
Re: Drupal Imagefield Module Multiple Vulnerabilities
From: Valdis.Kletnieks () vt edu
Date: Thu, 29 Jan 2009 11:17:38 -0500
On Thu, 29 Jan 2009 09:15:46 EST, "Justin C. Klein Keane" said:
Two flaws exist in this module. The first flaw allows for an attacker to upload arbitrary files to the filesystem. The vulnerability allows attackers to upload arbitrary files in place of the 'Default image' specified in the Imagefield specifications for a content type field.
....
Attackers must be authenticated with an account that has 'administer content types' permissions.
Umm.. what's the risk here? Does the flaw allow the attacker to upload files that wouldn't be permitted even as the authorized account? Seems if they can administer content types, they can drop pretty much whatever they want onto the server (possibly limited as to where in the tree though), and all this does is let them drop stuff outside said tree?
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Drupal Imagefield Module Multiple Vulnerabilities Justin C. Klein Keane (Jan 29)
- Re: Drupal Imagefield Module Multiple Vulnerabilities Valdis . Kletnieks (Jan 29)
- Re: Drupal Imagefield Module Multiple Vulnerabilities Justin C. Klein Keane (Jan 29)
- Re: Drupal Imagefield Module Multiple Vulnerabilities Valdis . Kletnieks (Jan 29)