Scoutnet vzw
http://forum.scoutnet.be/

[Drupal] Security announcements: TrailScout - XSS and SQL
http://forum.scoutnet.be/viewtopic.php?f=19&t=2142
Page 1 of 1

Author:  To [ 23 Jun 2008 19:03 ]
Title:  [Drupal] Security announcements: TrailScout - XSS and SQL

------------SA-2008-037 - TRAILSCOUT - XSS AND SQL INJECTION------------

* Advisory ID: DRUPAL-SA-2008-037
* Project: TrailScout (third-party module)
* Version: 5.x
* Date: 2008-June-18
* Security risk: Highly critical
* Exploitable from: Remote
* Vulnerability: Cross site scripting and SQL injection

------------DESCRIPTION------------

The TrailScout module displays a number of last visited pages as breadcrumbs.

The module displays certain values without appropriate filtering. Malicious users with the permission to create posts are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cross site scripting attack [ http://en.wikipedia.org/wiki/Xss ] may lead to the malicious user gaining administrator access.

Trailscout also does not properly use the Drupal database API and inserts values from cookies directly into queries. This can be exploited on most PHP configurations to perform SQL Injection attacks [ http://en.wikipedia.org/wiki/Sql_injection ]. These attacks may lead to the malicious user gaining administrator access.

All users are encouraged to update to the latest version. Be sure to verify the compatibility of your contrib modules as you perform the update.

------------VERSIONS AFFECTED------------

* TrailScout for Drupal 5.x prior to 5.x-1.4

Drupal core is not affected. If you do not use the contributed TrailScout module, there is nothing you need to do.

------------SOLUTION------------

Install the latest version:

* TrailScout 5.x-1.4 [ http://drupal.org/node/272114 ].

See also the TrailScout project page [ http://drupal.org/project/trailscout ].

------------REPORTED BY------------

Gerhard Killesreiter [ http://drupal.org/user/227 ] (Drupal security team).

------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ].
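As an added illustration (not TrailScout's code, which the advisory does not reproduce), here is a hypothetical Drupal 5 breadcrumb helper in the shape the advisory describes, beside a version corrected with the two fixes it implies: query placeholders through the Drupal database API and escaping on output. The cookie name, table and column names are assumptions.

```php
<?php
// Added example, not the module's actual source. Names are hypothetical:
// cookie 'trail_id', table {trail_history}, columns trail_id/path/title/visited.

// VULNERABLE: a cookie value is concatenated into SQL, and a post author's
// title is printed as raw HTML (the two defects the advisory names).
function trail_breadcrumbs_vulnerable() {
  $trail_id = $_COOKIE['trail_id'];
  // Untrusted cookie text lands directly inside the query string.
  $result = db_query("SELECT path, title FROM {trail_history} "
    . "WHERE trail_id = '" . $trail_id . "' ORDER BY visited DESC LIMIT 5");
  $items = array();
  while ($row = db_fetch_object($result)) {
    // Stored title is emitted unfiltered: script in a title runs in the viewer's browser.
    $items[] = '<a href="' . url($row->path) . '">' . $row->title . '</a>';
  }
  return implode(' &raquo; ', $items);
}

// HARDENED: validate the cookie, bind it with a %s placeholder, escape on output.
function trail_breadcrumbs_fixed() {
  // Treat the cookie as attacker-controlled: accept only the shape we expect
  // (assumed here to be a 32-character hex identifier).
  $trail_id = isset($_COOKIE['trail_id']) ? $_COOKIE['trail_id'] : '';
  if (!preg_match('/^[a-f0-9]{32}$/', $trail_id)) {
    return '';
  }
  // db_query_range() escapes the %s argument before substituting it and
  // appends the LIMIT clause itself (from = 0, count = 5).
  $result = db_query_range("SELECT path, title FROM {trail_history} "
    . "WHERE trail_id = '%s' ORDER BY visited DESC", $trail_id, 0, 5);
  $items = array();
  while ($row = db_fetch_object($result)) {
    // l() runs check_plain() on the link text, so markup in a stored title is inert.
    $items[] = l($row->title, $row->path);
  }
  return implode(' &raquo; ', $items);
}
```

The shape of the fix matches what the advisory asks of module authors: never build SQL by string concatenation from request data, and never echo user-supplied text without check_plain() or a helper such as l() that applies it.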
