Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Drupal MP3 Player Cross Site Scripting

🗓️ 02 Feb 2010 00:00:00Reported by Martin BarbellaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 68 Views

Drupal MP3 Player XSS vulnerability

Code
`XSS vulnerability in Drupal's MP3 Player contributed module (version  
6.x-1.0-beta1)  
  
Discovered by Martin Barbella <[email protected]>  
  
Description of Vulnerability:  
-----------------------------  
Drupal is a free software package that allows an individual or a  
community of users to easily publish, manage and organize a wide  
variety of content on a website. (From: http://drupal.org/about)  
  
The MP3 Player module allows users to use the WordPress Audio Player in Drupal.  
  
The name of the mp3 file is not properly sanitized when the javascript  
to create the audio player is generated, resulting in a cross site  
scripting vulnerability.  
  
The module also fails to sanitize various inputs on the MP3 player  
administration page. In the cases where the user is prompted for 6  
digit hex values to use as colors for the player, it will only check  
that the value is 6 characters long, and will not verify that it is  
hexadecimal, but as this is both difficult to exploit, and requires  
that the user can administer the MP3 player module, the rest of this  
report will only focus on the previous vulnerability.  
  
Systems affected:  
-----------------  
This has been confirmed in MP3 Player 6.x-1.0-beta1. Other versions  
may also be affected.  
  
Impact:  
-------  
Stored attacks are those where the injected code is permanently stored  
on the target servers, such as in a database, in a message forum,  
visitor log, comment field, etc. The victim then retrieves the  
malicious script from the server when it requests the stored  
information. (From OWASP:  
http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29)  
  
Mitigating factors:  
-------------------  
A user must have permission to create nodes of a type that use the audio player.  
  
Proof of concept:  
-----------------  
1. Install the MP3 Player module and its dependencies.  
2. Create a new content type with a file field that accepts mp3s.  
3. Make sure that MP3 Player will be used with the field that you have created.  
4. Create a file named "+alert(document.cookie)+".mp3  
5. Create a node with the new content type, and upload this file.  
6. Note that an alert box will be displayed when viewing this node.  
  
Timeline:  
---------  
2010-01-14 - Drupal Security notified  
2010-02-01 - Still no response from Drupal Security  
2010-02-01 - Public disclosure  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Feb 2010 00:00Current
7.4High risk
Vulners AI Score7.4
drupalmp3 playercross site scriptingvulnerabilityowaspmitigating factorsproof of concepttimeline
68