[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
- To: Justin Klein Keane <justin@xxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
- From: YGN Ethical Hacker Group <lists@xxxxxxxx>
- Date: Fri, 14 Jan 2011 12:40:19 +0800
On Fri, Jan 14, 2011 at 4:28 AM, Justin Klein Keane <justin@xxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Drupal security has been aware of this issue for quite some time now.
> But basically, as their response indicates, you need admin access to
> exploit these issues. However, if you have admin access you can execute
> PHP and basically do anything you want. Your vulnerability hinges on
> being able to bypass the CSRF security in place in Drupal. Seems like a
> bit of a stretch to release this as an advisory. Why not include the
> fact that if you can bypass the CSRF detection you can also execute
> arbitrary code with the privileges of the web server?
>
"If you 0wn a server, you 0wn one machine"
"If you 0wn clients, you 0wn thousands of machine".
http://cyberinsecure.com/?s=iframe
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/