exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Drupal-Wiki 8.31 / 8.30 Cross Site Scripting

Drupal-Wiki 8.31 / 8.30 Cross Site Scripting
Posted May 9, 2024
Authored by Simon Bieber | Site secuvera.de

Drupal-Wiki versions 8.30 and 8.31 suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-34481
SHA-256 | 3d088d17dda324bc2da3df91c94310af275ec6c5f0b68e54defa0a2c4496f8d0

Drupal-Wiki 8.31 / 8.30 Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki

Affected Products
Drupal Wiki 8.31
Drupal Wiki 8.30 (older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates)
CVE-2024-34481
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS-B: 6.4 ( CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N )
https://drupal-wiki.com/drupal-wiki-update-8-31/ (Vendor 1st Fix Release Notes)

Summary:
According to the Product Website Drupal-Wiki is an enterprise grade Wiki platform.
The comment function of a Drupal-Wiki-Page is prone to persistent Cross-Site Scritping
Attacks (persistent XSS).

Effect:
A remote attacker that is allowed to edit a wiki page or comment to a wiki page is able to
execute arbitrary (javascript) code within a victims' browser after the victim has opened
a wiki page with malicous comments or content.

Example:
1) XSS in comments to a Wiki Page
The Following steps are needed to exploit the vulnerability on a Wiki-Page assuming
that no login is needed to comment on a page.
1. Go to an arbitrary Wiki-Page.
2. Click on "submit comment" at the lower end of a Wiki Page
3. Enter the following into the comment form overlay and click on
the "save" button:
"'><img src=x onError=alert('XSS!')>

The above code creates a harmless JavaScript alert box whenever the Wiki-Page gets
loaded.
2) XSS in captions:
Open a Wiki-Page, insert a caption with the payload from example 1) and save it.


3) XSS in image titles
Open a Wiki-Page, insert an image with the payload from example 1) as title and save it.


Solution
Update to release 8.31.1 or newer.

Disclosure Timeline:
2024/03/20 vulnerability discovered
2024/03/21 vendor contacted to get security contact details
2024/03/21 vendor replied with contact information
2024/03/21 vulnerability details sent to security contact
2024/03/21 vendor confirmed vulnerability, proposed fix in next release update
2024/03/25 vendor release update containing fix.
2024/03/27 requested CVE-ID, reworked CVSS, tested fix. First fix not fully remediating
all issues, contacted vendor again to inform about fix test results.
2024/03/27 vendor replied confirming and proposed second fix with new update.
planned publication of the SA for 2024/04/14
2024/04/14 postponed public release as assign request of cve was not answered yet.
2024/05/06 CVE was assigned. Public release.

Credits:
Simon Bieber
sbieber@secuvera.de
secuvera GmbH
https://www.secuvera.de

Disclaimer:
All information is provided without warranty. The intent is to
provide information to secure infrastructure and/or systems, not
to be able to attack or damage. Therefore secuvera shall
not be liable for any direct or indirect damages that might be
caused by using this information.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6mgEBCu3JYBqmGrgDIJc8mYSY6UFAmY4k7YACgkQDIJc8mYS
Y6Xa1A//cTQ41Wp55MJwjE0t7ABw1RSmPskosPycpMxKgU79LH7xwGLpTaRxd1H9
BiNK/Q/4j5Ad4JtM4TDwb0j7XGj07/Cp+hBcomqKohe7hgVflhZOzUcWKvfQUbQt
1yto71AauEpTz32YebZMxrFJLUXtnJU9pPQnAB5iZOyDT5rsXvEBmCnG6OF1kviy
juXiiR15rZEiiWdW+CaAz3qr07Te0WD1i14IPvE55tuKNwp9LOZr9+Fl3CM2atxs
/LSjgZnTIWODnpnuAD3D2XT5XIj1AK5cEGgg+si4UuYFK/v0nTP4Pytlw2HbS0au
WvAqtiI8YwuhQOYvsXoQ5UYHjZzc2BrQ5mn2MujHb17/eMyG2o3bgPnZ9x+PxDSi
Z++4iRnwolip0ha2E0bIwq8dVyHYcCPfwkrAk3vSmvLmzEivz+OyXPPWwB6EVq8q
3/DRa9fcVO985bxOeBHImyqgPLm8je70Z51GBezCPlHltYXZ8AHpBzqc7Jp0DgUB
UYlQ3y3a62E5oQ8Uo0S7YFkM7ZYhFaxBeVZs4gC1QOo2FNyQjVvD11digf9M+uSR
aH3SwpHhYSIremKeWG9xDGCjN2fiSuEJHdhwAzWUHFa1b7PArB3Ypq3ILKgJyIwx
1S/LYqnuiCC00tp48b8AzMUdYqyeXIfhvOiYMEzzBIq2Ft+IW9U=
=hWhw
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    22 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close