Drupal 特制的URL未明跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1193083 漏洞类型 输入验证
发布时间 2006-10-24 更新时间 2006-10-25
CVE编号 CVE-2006-5477 CNNVD-ID CNNVD-200610-403
漏洞平台 N/A CVSS评分 2.6
|漏洞来源
https://cxsecurity.com/issue/WLB-2006100126
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-403
|漏洞详情
Drupal4.6.10版本之前的4.6.x和4.7.4版本之前的4.7.x,对表格提交可以进行重定向,远程攻击者可以通过特制的URL来获取任意表格信息。
|漏洞EXP
------------------------------------------------------------------------
----
Drupal security advisory                                  DRUPAL-SA-2006-026
------------------------------------------------------------------------
----
Project:          Drupal core
Date:             2006-Oct-18
Security risk:    Less critical
Exploitable from: Remote
Vulnerability:    HTML attribute injection
------------------------------------------------------------------------
----

Description
-----------
A malicious user may entice users to visit a specially crafted URL that may 
result in the redirection of Drupal form submission to a third-party site. A 
user visiting the user registration page via such a url, for example, will 
submit all data, such as his/her e-mail address, but also possible private 
profile data, to a third-party site.

Versions affected
-----------------
- Drupal 4.6.x versions before Drupal 4.6.10
- Drupal 4.7.x versions before Drupal 4.7.4

Solution
- If you are running Drupal 4.6.x then upgrade to Drupal 4.6.10.
   http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.10.tar.gz
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.4.
   http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.4.tar.gz

- To patch Drupal 4.6.9 use http://drupal.org/files/sa-2006-026/4.6.9.patch.
- To patch Drupal 4.7.3 use http://drupal.org/files/sa-2006-026/4.7.3.patch.

Please note that the patches only contain changes related to this advisory, 
and do not fix bugs that were solved in 4.6.10 or 4.7.4.

Reported by
-----------
Frederic Marand.

Contact
-------
The security contact for Drupal can be reached at security at drupal.org or 
using the form at http://drupal.org/contact.

// Uwe Hermann, on behalf of the Drupal Security Team.
-- 
Uwe Hermann 
http://www.hermann-uwe.de
http://www.it-services-uh.de  | http://www.crazy-hacks.org 
http://www.holsham-traders.de | http://www.unmaintained-free-software.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFN7D2XdVoV3jWIbQRAn30AJ4wDXVgTcsZ6AVZU0iz8oFYqTx8dACeNXFj
D4MxzZKaxPKknex3KMezI6Y=
=eFVr
-----END PGP SIGNATURE-----
|参考资料

来源:BID
名称:20631
链接:http://www.securityfocus.com/bid/20631
来源:BUGTRAQ
名称:20061019[DRUPAL-SA-2006-026]Drupal4.6.10/4.7.4fixesHTMLattributeinjectionissue
链接:http://www.securityfocus.com/archive/1/archive/1/449200/100/0/threaded
来源:VUPEN
名称:ADV-2006-4120
链接:http://www.frsirt.com/english/advisories/2006/4120
来源:SECUNIA
名称:22486
链接:http://secunia.com/advisories/22486
来源:drupal.org
链接:http://drupal.org/node/88828
来源:XF
名称:drupal-form-xss(29682)
链接:http://xforce.iss.net/xforce/xfdb/29682
来源:OPENPKG
名称:OpenPKG-SA-2006.025-drupal
链接:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.025-drupal.html
来源:SREASON
名称:1764
链接:http://securityreason.com/securityalert/1764