exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Drupal Hotblocks 6.x Cross Site Scripting

Drupal Hotblocks 6.x Cross Site Scripting
Posted Aug 15, 2012
Authored by Justin C. Klein Keane

Drupal version 6.22 with Hotblocks 6.x suffers from cross site scripting and denial of service vulnerabilities. Proof of concept information included.

tags | exploit, denial of service, vulnerability, xss, proof of concept
SHA-256 | 17fd7caf06fdac8c5a9e14bc764b6c00c9303d84f1395974dc92767ed9a8a7f2

Drupal Hotblocks 6.x Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For the curious:

XSS Exploit:
- ---------------
1. Install and enable the HotBlocks module
2. Navigate the Hotblocks setting page at ?q=admin/settings/hotblocks
3. Change Block #1 Name to "<script>alert('xss');</script>"
4. View the rendered Javascript at ?q=admin/content/hotblocks

Denial of Service Exploit:
- --------------------------------
1. Install and enable the HotBlocks module
2. Navigate the Hotblocks setting page at ?q=admin/settings/hotblocks
3. Change Block #1 Name to "<script>alert('xss');</script>"
4. Change "Term for hotblocks item:" to "hotblock item
<script>alert('hotblock term');</script>"
5. Change "Term for hotblocks items:" to "hotblock item
<script>alert('hotblock terms');</script>"
6. Save configuration
7. Go to Block admin at ?q=admin/build/block
8. Drag the Block #1 to the left sidebar and 'Save'
9. Return to the home page.
9. Click the 'Put a hotblock here' icon in the left sidebar and click
the malicious name. This points to a link such as
hotblocks/assign/11/1?destination=node&path=node&systemtype=block&token=343d600c37a2ed557df7cd22a0010352
10. Refresh the page - WSOD, error logs indicate something like:
[Mon Aug 06 15:42:37 2012] [notice] child pid 4559 exit signal
Segmentation fault (11)
or
[Mon Aug 06 15:22:29 2012] [error] [client 10.10.0.1] PHP Fatal error:
Maximum execution time of 30 seconds exceeded in
/var/www/html/drupal-6.26/includes/bootstrap.inc on line 860, referer:
http://10.10.0.101/drupal/


Justin C. Klein Keane
http://www.MadIrish.net

The PGP signature on this email can be verified using the public key at
http://www.madirish.net/gpgkey
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    16 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close