Drupal Protected Node Cross Site Scripting

27 Feb 2009 | Reported by Justin C. Klein Keane | Type: packetstorm | Source: packetstormsecurity.com

Drupal Protected Node vulnerability, XSS exploi

Code
`Version Tested: 5.x-1.3 on Drupal 5.15  
  
The Drupal Protected Node module  
(http://drupal.org/project/protected_node) is designed to restrict  
access to nodes using passwords. When nodes are created they can be  
protected by selecting 'protected node' and specifying a password.  
Users attempting to access the node must then enter a password in order  
to access the node. Details of this vulnerability can also be found at  
http://lampsecurity.org/node/28.  
  
The Protected Node module fails to properly sanitize user input  
entered in the 'Password page info' field at Administer ->  
Site Configuration -> Protected Node. Users with the 'administer site  
configuration' permission can access this page.  
  
Steps to reproduce the exploit:  
  
1. Enable the Protected Node module  
2. Set permissions (Administer -> User Management) so anonymous users  
can access protected content in the protected_node module section  
3. Click Administer -> Site Configuration -> Protected node  
4. Enter the value <script>alert('xss');</script> into the 'Password  
page info' textarea  
5. Create a new piece of content  
6. In the 'Protected node' section on the content creation screen check  
the 'Node is protected' checkbox and enter a password.  
7. Save the content.  
8. Log out and view the content to trigger the JavaScript  
  
  
Technical details:  
  
This vulnerability is introduced by a failure to sanitize user input as  
it is being displayed in the protected_node_enterpassword() function in  
protected_node.module. Lines 272-274 print out the user-supplied text  
using the statement:  
  
$form['protected_node'] = array(  
'#value' => $info  
);  
  
The $info variable should be sanitized using check_plain() or a similar  
function in order to prevent the XSS vulnerability.  
  
The Drupal security team (http://drupal.org/security) and the module  
maintainer have been notified.  
  
--  
Justin C. Klein Keane  
http://www.MadIrish.net  
http://www.LAMPSecurity.org  
`
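
The fix recommended in the technical details, shown as an added example that is not code from protected_node.module: the quoted `'#value' => $info` pattern beside the same element with `check_plain()` applied, plus a check that no live script tag reaches the page. The `check_plain()` stand-in and the `render_value_element()` helper are assumptions so the script runs outside Drupal.

```php
<?php
// Added example, not code from protected_node.module.

// Stand-in for Drupal's check_plain() so the script runs outside Drupal:
// encodes HTML special characters, including both quote styles.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

// Hypothetical helper: mimics how a '#value' form element is emitted,
// i.e. the string is written into the page exactly as given.
function render_value_element(array $element) {
  return "<div class=\"protected-node-info\">" . $element['#value'] . "</div>\n";
}

// Constructed sample input: the value from step 4 of the advisory.
$info = "<script>alert('xss');</script>";

// Before: the pattern quoted in the advisory, raw text in '#value'.
$form_before['protected_node'] = array(
  '#value' => $info,
);

// After: escape at output time, as the advisory recommends.
$form_after['protected_node'] = array(
  '#value' => check_plain($info),
);

echo "before: " . render_value_element($form_before['protected_node']);
echo "after:  " . render_value_element($form_after['protected_node']);

// Simple regression check: no live <script> tag may survive rendering.
$rendered = render_value_element($form_after['protected_node']);
if (stripos($rendered, '<script') !== false) {
  fwrite(STDERR, "FAIL: script tag reached the page\n");
  exit(1);
}
echo "OK: markup is rendered as inert text\n";
```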
