Faiblesses connexes
CWE-ID |
Nom de la faiblesse |
Source |
CWE-79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
|
Métriques
Métriques |
Score |
Gravité |
CVSS Vecteur |
Source |
V2 |
3.5 |
|
AV:N/AC:M/Au:S/C:N/I:P/A:N |
nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 10485
Date de publication : 2009-12-15 23h00 +00:00
Auteur : Justin C. Klein Keane
EDB Vérifié : Yes
The text of this announcment is also available at
http://www.madirish.net/?article=440
Description of Vulnerability:
- - - -----------------------------
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL that provides extensibility through various
third party modules. The Sections module
(http://drupal.org/project/sections) "allows you to create sections
within your site. Each section has an installed template, theme or style
attached to it."
The Sections module contains a cross site scripting vulnerability
because it does not properly sanitize output of section names before
display.
Systems affected:
- - - -----------------
Drupal 6.14 with Sections 6.x-1.2 was tested and shown to be vulnerable.
Impact:
- - - -------
XSS vulnerabilities may expose site administrative accounts to
compromise which could lead to web server process compromise.
Mitigating factors:
- - - -------------------
The Sections module must be installed. To carry out a Sections based
XSS proof of concept exploit below the attacker must have 'administer
sections' permissions.
Proof of Concept:
- - ---------------------
1. Install Drupal 6.14
2. Install Sections 6.x-1.2
3. Enable the Sections module from Administer -> Site building -> Modules
4. Click Administer -> Site building -> Sections
5. Click the 'Add section' button
5. Enter "<script>alert('xss');</script>" in the 'Name' text area
6. Click the 'Add section' button to save the section and observe the
rendered JavaScript
7. Click on the 'Sections' link in the navigation to observe the
rendered JavaScript
Technical details:
- - ------------------------
The Sections module fails to sanitize the output of the section name
before display. Applying the following patch fixes this vulnerability.
Patch
- - -------
Applying the following patch mitigates these threats.
- --- sections/sections.admin.inc 2008-06-01 08:51:51.000000000 -0400
+++ sections.fixed/sections.admin.inc 2009-11-06 15:43:53.997416137 -0500
@@ -234,6 +234,7 @@ function theme_sections_admin_display_fo
foreach (element_children($form['sections']) as $key => $id) {
// Don't take form control structures.
if (is_array($form['sections'][$id]['name'])) {
+ $form['sections'][$id]['name']['#value'] =
filter_xss($form['sections'][$id]['name']['#value']);
$form['sections'][$id]['weight']['#attributes']['class'] =
'sections-order-weight';
$rows[] = array(
'data' => array(
Vendor Response
- ---------------
Upgrade to the latest version.
SA-CONTRIB-2009-112 http://drupal.org/node/661404
- --
Justin C. Klein Keane
http://www.MadIrish.net
Exploit Database EDB-ID : 33410
Date de publication : 2009-12-15 23h00 +00:00
Auteur : Justin C. Klein Keane
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/37371/info
The Sections module for Drupal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
To exploit this issue, the attacker must have 'administer sections' permissions.
Versions prior to Sections 5.x-1.3 and 6.x-1.3 are vulnerable.
The following example input is available:
<script>alert('xss');</script>
Products Mentioned
Configuraton 0
Alexander_hass>>Sections_module >> Version 5.x-1.0
Alexander_hass>>Sections_module >> Version 5.x-1.1
Alexander_hass>>Sections_module >> Version 5.x-1.2
Alexander_hass>>Sections_module >> Version 5.x-1.x-dev
Alexander_hass>>Sections_module >> Version 6.x-1.0
Alexander_hass>>Sections_module >> Version 6.x-1.1
Alexander_hass>>Sections_module >> Version 6.x-1.2
Alexander_hass>>Sections_module >> Version 6.x-1.x-dev
Drupal>>Drupal >> Version *
Références