what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Drupal Modules Cross Site Scripting / Cross Site Request Forgery

Drupal Modules Cross Site Scripting / Cross Site Request Forgery
Posted Mar 14, 2012
Site drupal.org

Various Drupal modules such as Content Lock, Ubercart Bulk Stock Updater, Ubercart Payflow Link, ticketyboo News Ticker, Admin tools, and Redirecting click bouncer suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
SHA-256 | dfba66004ce172b759e13bd0d69c968ca2876ae3c5a889fa13c062cb84aef994

Drupal Modules Cross Site Scripting / Cross Site Request Forgery

Change Mirror Download
  * Advisory ID: DRUPAL-SA-CONTRIB-2012-036
* Projects: Content Lock [1], Ubercart Bulk Stock Updater [2], Ubercart
Payflow Link [3], ticketyboo News Ticker [4], Admin tools [5], Redirecting
click bouncer [6] (third-party modules)
* Version: 6.x
* Version: 7.x
* Date: 2012-March-14
* Security risk: Critical [7]
* Exploitable from: Remote
* Vulnerability: Information Disclosure

-------- DESCRIPTION
---------------------------------------------------------

Content Lock [8] Is a module that prevents users from concurrent editing of
nodes. This module does not use a token for unlocking a content lock. This
leads to a CSRF attack vector. Ubercart Bulk Stock Updater [9] is an
extension module for Ubercart 2.x running on Drupal 6.x which makes it easy
to bulk-edit product stock levels. This module does not properly use the
formAPI and this results in a CSRF attack vector. Ubercart Payflow Link [10]
is a payment solution for ubercart provided by PayPal. This module does not
use a secure token and thus could allow payments to be forged. ticketyboo
News Ticker [11]is a module that lets you configure three separate news
tickers as Drupal Blocks. This module does not filter output correctly
leading to a XSS attack vector. It may also have a SQL injection vector.
Admin tools [12] This package will contain a complete set of tools for
managing several drupal installs. This module does not properly filter text
leading to a XSS attack vector, as well as not checking tokens leading to a
CSRF attack vector. Redirecting click bouncer [13], is a module that lets you
create links to a target that simply redirects to the real destination. The
redirect happens server-side which means that we can track the redirects.
This comes handy when we have links in our site and we need to know when they
are clicked. This module does not check the URL to redirect to, this create
an open redirect.
-------- VERSIONS AFFECTED
---------------------------------------------------

* All versions of Content Lock are affected by vulnerabilities.
* All versions of Ubercart Bulk Stock Updater payment are affected by
vulnerabilities.
* All versions of Ubercart Payflow Link are affected by vulnerabilities.
* All versions of ticketyboo News Ticker are affected by vulnerabilities.
* All versions of Admin tools are affected by vulnerabilities.
* All versions of Redirecting click bouncer are affected by vulnerabilities.
* All versions of Printer, e-mail and PDF versions are affected by
vulnerabilities.

Drupal core is not affected. If you do not use one of the contributed modules
listed above, there is nothing you need to do.

-------- SOLUTION
------------------------------------------------------------

Users of these modules are encouraged to disable the modules and search for
similar alternatives. Users of the module who wish to take over
maintainership should post patches to the issue queue to fix the security
issues and request maintenance following the Unsupported project process
[14].

-------- REPORTED BY
---------------------------------------------------------

* Content Lock issue reported by Charlie Gordon [15]
* Ubercart Bulk Stock Updater issue reported by Peter Boden [16]
* Ubercart Payflow Link issue reported by Dylan Tack [17] of the Drupal
Security Team
* ticketyboo News Ticker issue reported by Sascha Grossenbacher [18]
* Admintools issue reported by Ivo Van Geertruyen [19] of the Drupal
Security Team
* Redirecting click bouncer issue reported by
John T. Haller

-------- FIXED BY
------------------------------------------------------------

No fixes created.

-------- COORDINATED BY
------------------------------------------------------

* Michael Hess [20] of the Drupal Security Team

-------- CONTACT AND MORE INFORMATION
----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [21].

Learn more about the Drupal Security team and their policies [22], writing
secure code for Drupal [23], and securing your site [24].


[1] http://drupal.org/project/content_lock
[2] http://drupal.org/project/uc_bulk_stock_updater
[3] http://drupal.org/project/uc_payflowlink
[4] http://drupal.org/project/ticketyboo
[5] http://drupal.org/project/admintools
[6] http://drupal.org/project/bouncer
[7] http://drupal.org/security-team/risk-levels
[8] http://drupal.org/project/content_lock
[9] http://drupal.org/project/uc_bulk_stock_updater
[10] http://drupal.org/project/uc_payflowlink
[11] http://drupal.org/project/ticketyboo
[12] http://drupal.org/project/admintools
[13] http://drupal.org/project/bouncer
[14] http://drupal.org/node/251466
[15] http://drupal.org/user/157412
[16] http://drupal.org/user/55050
[17] http://drupal.org/user/96647
[18] http://drupal.org/user/214652
[19] http://drupal.org/user/383424
[20] http://drupal.org/user/102818
[21] http://drupal.org/contact
[22] http://drupal.org/security-team
[23] http://drupal.org/writing-secure-code
[24] http://drupal.org/security/secure-configuration

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close