exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Drupal 6.20 With Data 6.x-1.0-alpha14 SQL Injection / Cross Site Scripting

Drupal 6.20 With Data 6.x-1.0-alpha14 SQL Injection / Cross Site Scripting
Posted Feb 10, 2011
Authored by Justin C. Klein Keane

Drupal version 6.20 with Data version 6.x-1.0-alpha14 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection
SHA-256 | 46eef7ea59d38b661e543d3aaba60f8b3839c80236b4b0afc2de402f2b8e5e30

Drupal 6.20 With Data 6.x-1.0-alpha14 SQL Injection / Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Description of Vulnerability:

Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL. The Drupal Data module
(http://drupal.org/project/data) "helps you model, manage and query
related sets of tables. It offers an administration interface and a low
level API for manipulating tables and accessing their contents."

The Data module contains multiple Cross Site Scripting (XSS)
vulnerabilities because it fails to sanitize table descriptions, field
names or labels before display. This results in multiple stored XSS as
well as DOM based XSS vulnerabilities. Drupal site users with the
ability to create or edit tables using the Data module could inject
arbitrary HTML into administrative pages.

The Data module also contains numerous SQL injection vulnerabilities
because it fails to sanitize values for table names or column names
before invoking SQL statements. This allows users with the ability to
create or edit tables managed by the Data module to perform SQL
injection attacks.

Systems affected:

Drupal 6.20 with Data 6.x-1.0-alpha14 was tested and shown to be vulnerable.

Impact

User could inject arbitrary scripts into pages affecting site users.
This could result in administrative account compromise leading to web
server process compromise. A more likely scenario would be for an
attacker to inject hidden content (such as iframes, applets, or embedded
objects) that would attack client browsers in an attempt to compromise
site users' machines. This vulnerability could also be used to launch
cross site request forgery (XSRF) attacks against the site that could
have other unexpected consequences.

Mitigating factors:

In order to exploit this vulnerability the attacker must have
credentials to an authorized account that has been assigned the
permissions to administer or edit in the Data module. This could be
accomplished via social engineering, brute force password guessing, or
abuse or legitimate credentials.

Vendor response:

Drupal security team does not handle issues with pre-release versions of
modules (such as alpha or dev). These issues were reported in the
module's public issue queue (http://drupal.org/node/1056470).

The text of this advisory has also been posted at
http://www.madirish.net/?article=480

- --
Justin C. Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iPwEAQECAAYFAk1S0Y0ACgkQkSlsbLsN1gBxpAcApo+e7x2yhchgc9zZOd2YVqVK
nBt09nmIaQem+dO4fs9l+rQbbMj8ahFJMUH8W82iSRuDQQyhnRF5JTCWMlC3gij5
HbOaxLEkepxFzRkDuRdR/wsraSMsxYBJuRdrG8OM7riuFVSSpM2NIdZXjsX7RIJ1
YTNxCkKT6lMywvc7T4A3e3BQPhIKwceB1HhYuyMcWAZ8oMh69HvTlKQ2A5r8QH/S
exJ4ML4nBY9f+0yE1x4DqtsGl54PPdCwW9shu1FPIr0URtPq21/9ozMFwZRBFuOg
v+lB2+O0+9gMCjQrcLw=
=lrWV
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close