Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Drupal 6.22 With Finder 6.x-1.9 Code Execution / Cross Site Scripting

🗓️ 10 Feb 2012 00:00:00Reported by Justin C. Klein KeaneType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

Drupal 6.22 with Finder 6.x-1.9 vulnerability impacting code execution and XSS due to module flaws

Code
`Vulnerability Report  
  
Description of Vulnerability:  
-----------------------------  
Drupal (http://drupal.org) is a robust content management system (CMS)  
written in PHP and MySQL. The Drupal Finder module  
(https://drupal.org/project/finder) "allows Drupal site administrators  
to create flexible faceted search forms to find entities such as nodes  
or users based on the values of fields and database attributes." The  
Finder module contains multiple vulnerabilities including persistent  
cross site scripting (XSS) and an arbitrary code execution  
vulnerability.  
  
Systems affected:  
-----------------------------  
Drupal 6.22 with Finder 6.x-1.9 was tested and shown to be vulnerable  
  
Impact  
-----------------------------  
Users can execute code with the permissions of the web server. Malicious  
users could inject arbitrary HTML into search results that could display  
to all users.  
  
Mitigating factors:  
-----------------------------  
In order to execute arbitrary code execution malicious users must have  
the ability to import finders. In order to execute arbitrary script  
injection malicious users must have the ability to create content.  
  
Proof of Concept Exploit (Code Execution):  
------------------------------------------  
1. Install and enable the Finder modules  
2. Enter '$a = phpinfo()' in the form at ?q=admin/build/finder/import  
3. Submit the form to view the executed code  
  
Proof of Concept Exploit (XSS):  
------------------------------------------  
1. Install and enable the Finder modules  
2. At ?q=node/add/story create a new node with the title  
"<script>alert('xss');</script>" and save it  
3. Create a new "Node finder" using the drop down at the bottom of the  
page ?q=admin/build/finder  
4. Check 'Provide block' and select "Autocomplete textfield" from the  
'Add element' drop down  
5. Save the new finder using the button at the bottom of the form  
6. In the resulting configuration scree  
(?q=admin/build/finder/X/edit/2/edit/ where X is the Finder ID) select  
"Node:Title" from the 'Find items by this field:' select list and click  
'Save finder element'  
7. Enable the new Finder block at ?q=admin/build/block  
8. Type 'xss' into the Finder block to view the rendered JavaScript  
  
Vendor Response:  
-----------------------------  
Upgrade to the latest version of Finder. SA-CONTRIB-2012-017  
(https://drupal.org/node/1432970)  
  
Text of this advisory also available at   
http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities  
  
--   
Justin Klein Keane  
http://www.MadIrish.net  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Feb 2012 00:00Current
7.4High risk
Vulners AI Score7.4
drupal cmsphpmysqlxsscode executionmodule vulnerabilityfinder 6.x-1.9security advisory
29