Drupal 6.12 Cross Site Scripting

Drupal 6.12 Cross Site Scripting
Posted May 20, 2009
Authored by Justin C. Klein Keane

Drupal version 6.12 suffers from a cross site scripting vulnerability. This is to be taken with a grain of salt as administrative privileges are needed.

tags | exploit, xss
SHA-256 | 7de0441765eec64f123f8be8653e1804461109d8f0708cdb787b027d8495ce13

Details of this disclosure have been posted at
http://lampsecurity.org/drupal-role-xss-vulnerability

Vendor Notified: 05/19/09
Vendor Response: Drupal security team responds that this vulnerability
has been publicly disclosed since October 2, 2008 and it is not
considered a "security risk." Ref: http://drupal.org/node/316136.

Description of Vulnerability
----------------------------
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL that provides extensibility through hundreds of
third party modules. The user module is provided as part of the Drupal 6
core modules and contains a cross site scripting (XSS) vulnerability
that allows users with the 'administer permissions' permission to
inject arbitrary HTML into role names. Users with the 'administer
permissions' permission could create new roles whose names contain
malicious JavaScript and silently attack the site administrators who
view them. Although a user with this permission could already elevate
the permissions of their own role using the permissions they have been
granted, this flaw provides a "stealth" attack vector.

Systems Affected
----------------
Drupal 6.12 was tested and shown to be vulnerable.

Impact
------
Authenticated users with 'administer permissions' can exploit this
vulnerability to attack other users with privileges to view roles.

Mitigating factors:
-------------------
An attacker must have the 'administer permissions' permission in order
to exploit this vulnerability. Since that permission already allows a
user to elevate the permissions of their own role, this vulnerability
represents a more subtle attack vector rather than a new privilege gain.

Proof of concept:
-----------------
1. Install Drupal 6.12.
2. Click Administer -> User management -> Roles
3. Enter "<script>alert('xss');</script>" in the "Name" textarea
4. Click the "Add Role" button
5. Observe JavaScript alert
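To show the rendering defect behind this proof of concept, the following added example (not code from Drupal or from the author) contrasts a role table that concatenates the stored name straight into markup with one that escapes it on output, and adds a check a site owner can run over existing role names; the role list, the function names and the stand-in for Drupal 6's check_plain() are assumptions of the example.

```php
<?php
// Added example, not Drupal code: how a stored role name becomes XSS on an admin page.
// Constructed sample role list; rid 3 is the proof-of-concept payload that a
// user with 'administer permissions' could save as a role name.
$roles = array(
  1 => 'anonymous user',
  2 => 'authenticated user',
  3 => "<script>alert('xss');</script>",
);

// Vulnerable: the stored name is concatenated straight into HTML, so the
// browser of whoever views the role list executes the script.
function render_roles_vulnerable(array $roles) {
  $rows = '';
  foreach ($roles as $rid => $name) {
    $rows .= "<tr><td>$rid</td><td>$name</td></tr>\n";
  }
  return "<table>\n" . $rows . "</table>";
}

// Stand-in for Drupal 6's check_plain(): escape the HTML metacharacters
// (&, <, >, ", ') so the value is displayed as text instead of parsed as markup.
function escape_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hardened: every stored value is escaped at the point it is put into HTML.
function render_roles_hardened(array $roles) {
  $rows = '';
  foreach ($roles as $rid => $name) {
    $rows .= '<tr><td>' . (int) $rid . '</td><td>' . escape_plain($name) . "</td></tr>\n";
  }
  return "<table>\n" . $rows . "</table>";
}

// Check for site owners: a legitimate role name has no reason to contain
// angle brackets or quotes, so any stored name that does deserves review.
function find_suspicious_role_names(array $roles) {
  $hits = array();
  foreach ($roles as $rid => $name) {
    if (preg_match('/[<>"\']/', $name)) {
      $hits[$rid] = $name;
    }
  }
  return $hits;
}

echo render_roles_vulnerable($roles), "\n";   // rid 3 row carries a live <script> tag
echo render_roles_hardened($roles), "\n";     // rid 3 row shows &lt;script&gt;... as text
print_r(find_suspicious_role_names($roles)); // reports rid 3
```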

NB
----
Note that this XSS affects several other functions in the Drupal 6
administrative back end.

--

Justin C. Klein Keane
http://www.MadIrish.net
http://LAMPSecurity.org
