Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Drupal 7.26 Custom Search 7.x-1.13 Cross Site Scripting

🗓️ 02 Apr 2014 00:00:00Reported by Justin C. Klein KeaneType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 25 Views

Drupal 7.26 Custom Search module XSS vulnerabilit

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
Vulnerability Report  
  
  
Author: Justin C. Klein Keane <[email protected]>  
Reported: 19 Feb, 2014  
  
  
Description of Vulnerability:  
- -----------------------------  
Drupal (http://drupal.org) is a robust content management system (CMS)  
written in PHP and MySQL. The Custom Search module "alters the default  
search box in many ways. If you need to have options available like in  
advanced search, but directly in the search box, this module is for  
you." The Drupal Custom Search module  
(https://drupal.org/project/custom_search) contains a persistent cross  
site scripting (XSS) vulnerability due to the fact that it fails to  
sanitize filter labels before display.  
  
  
Systems affected:  
- -----------------  
Drupal 7.26 with Custom Search 7.x-1.13 was tested and shown to be  
vulnerable  
  
  
Impact  
- ------  
Users can inject arbitrary HTML (including JavaScript) in order to  
attack site users, including administrative users. This could lead to  
account compromise, which could in turn lead to web server compromise,  
or expose administrative users to client side malware attacks.  
  
  
Mitigating factors:  
- -------------------  
In order to inject arbitrary script malicious users must have the  
ability "administer custom search."  
  
  
Proof of Concept Exploits:  
- -----------------  
1. Install and enable the Custom Search module  
2. Navigate the Custom Search configuration at  
?q=admin/config/search/custom_search/results  
3. Change the 'Position' drop down to 'Above results'  
4. Enter "<script>alert('xss');</script>" in the 'Label text' input  
field  
5. Click the 'Save Configuration' button  
6. Submit any search to view the JavaScript on the results page.  
  
  
Vendor response:  
- ----------------  
Vulnerability is fixed in the latest versions of the Custom Search  
module (ref https://drupal.org/node/2231665)  
  
- --   
Justin C. Klein Keane  
http://www.MadIrish.net  
  
The digital signature on this e-mail may be verified using  
the public key at http://www.madirish.net/gpgkey  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)  
Comment: GPGTools - http://gpgtools.org  
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/  
  
iPwEAQECAAYFAlM8n/8ACgkQkSlsbLsN1gAGXwb9FaDO4jn6RBhqOqLkvFPu3eJE  
Ae+E5BEAxJ8wQpZx2dnen5hizNtN0q2o6LkDffwkEaOjZMJZIum23F8ovnxciuiA  
B/vg4ZfKav+08Ac8ZJcC5FwKbz0hs6mlMR5aLGQK28PjLShEEtMUEzlfDzhAA1GK  
3I3huJIUCszR5nkgYGjvxrHmCVHMEZ9f0hS5L6tfEaLKCSFtyVbM65CfdGcFnrr0  
o2+YQd9NQ8NnLYe+wB2VGXgydBseQ8AdshnB6c1WTG7/lHHVqOV2f8vbr4kewoCz  
PQln6M5j/UJtaMyMmds=  
=Sqil  
-----END PGP SIGNATURE-----  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Apr 2014 00:00Current
7.4High risk
Vulners AI Score7.4
drupalcustom searchcross site scriptingphpmysqlvulnerabilityxssmitigating factorsproof of conceptvendor responsejavascript
25