what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Drupal FileField 6.x-3.3 Arbitrary Script Injection

Drupal FileField 6.x-3.3 Arbitrary Script Injection
Posted Jun 18, 2010
Authored by Justin C. Klein Keane

Drupal FileField version 6.x-3.3 suffers from an arbitrary script injection vulnerability.

tags | advisory, arbitrary
advisories | CVE-2010-1958
SHA-256 | 195ac8bf25a0d707e3dc03d63a39790bd60056ef575e948ce4d41f1c34ef8240

Drupal FileField 6.x-3.3 Arbitrary Script Injection

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FileField 6.x-3.3 Arbitrary Script Injection Vulnerability

CVE-2010-1958

Description of Vulnerability:
- -----------------------------
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL. The Drupal FileField module
(http://drupal.org/project/filefield) "provides a universal file upload
field for CCK. It is a robust alternative to core's Upload module and an
absolute must for users uploading a large number of files. Great for
managing video and audio files for podcasts on your own site." The
FileField module contains a cross site scripting (XSS) vulnerability due
to the fact that it fails to sanitize image filenames before display.

Systems affected:
- -----------------
Drupal 6.16 with CCK 6.x-2.6 and FileField 6.x-3.3 was tested and shown
to be vulnerable.

Impact
- ------
Users who have rights to create content may upload files (including
images) with malicious names that could result in script execution.
This could result in administrative account compromise leading to web
server process compromise.

Mitigating factors:
- -------------------
Attacker must have rights to create content of a type that employs an
FileField CCK element. This would include most content that had
attachments including imagery, documents, etc.

Additionally, Drupal's file handling must be set to Public in the File
system settings at ?q=admin/settings/file-system. This is the default
configuration.

Further Details:
- ----------------
Further details about this vulnerability can be found at
http://www.madirish.net/?article=461

Vendor Response:
- ------------------------------------------
Vendor has responded by releasing a fixed version and a detailed
security announcement. Vendor response is fully detailed in
SA-CONTRIB-2010-066 (http://drupal.org/node/829808)

- --
Justin C. Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iPwEAQECAAYFAkwaHF0ACgkQkSlsbLsN1gC1Nwb+PFlE/a/PtZJdjnI3IO18FzaV
nZkEfBlngdsHZLW+G9qoaXyORZ781uIkRtQJMEQBEKBFWAYfPAuvAk2eq7xxhoZl
X8zrKtJYb7gkWZO+7iBGs0q/ah7FKLCPr578SgMcilCLn7OmjkEFJOqRH0Fb2kVu
beiL3N5vEVI4Qz/qygglMvsFyRm4v22l8SeYKFrs/e7x+NR8puQjVvSeF5dFSQ7x
oqJrdPqD29fO3sfKVR/IqIGwFg+nzLUrvmqT4p7HSsxjbc5IXGRn+MohbRz/RS1C
rzqZI/ytPkuBp2XRqdI=
=EpO+
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close