Drupal Multiple Input Validation Vulnerabilities
  Added: 07/16/2008   Published: 07/16/2008

Issued: 2008-07-09
Updated: 2008-07-11

Affected systems:
Drupal Drupal 6.x
Drupal Drupal 5.x
Not affected systems:
Drupal Drupal 6.3
Drupal Drupal 5.8
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30168

Drupal is an open source content management platform.

Drupal contains multiple input validation errors that may allow a malicious user to carry out cross-site scripting, cross-site request forgery, session fixation, SQL injection and script injection attacks.

1) Drupal does not properly filter certain input passed to the taxonomy module. This can be used to inject arbitrary HTML and script code that is executed in the user's browser session.

2) Drupal does not properly filter certain input supplied by an OpenID provider before returning it to the user. This can be used to inject arbitrary HTML and script code that is executed in the user's browser session.

3) Certain operations can be performed through plain HTTP requests. A logged-in user who is tricked into visiting a malicious site can be made to delete OpenIDs or change string translations.

4) If a user logs in after following a specially crafted link, an error in session handling may allow the sessions of other users to be hijacked.

5) An input validation error in the handling of numeric fields in the Schema API may lead to SQL injection.
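As an added illustration of the numeric-field issue in item 5 (a constructed example, not Drupal's Schema API code): a query builder that writes columns declared as integers unquoted into SQL, trusting the caller, beside one that enforces the declared type and binds the value. The schema dictionary, the `node` table and its rows are assumptions made for the example.

```python
"""Constructed illustration of a numeric-field SQL injection and its fix.
A schema declares column types; the unsafe builder interpolates values for
'int' columns without checking they are numbers, the safe builder validates
the type and always uses a bound parameter."""
import re
import sqlite3

# Constructed schema in the spirit of a Schema API table definition.
NODE_SCHEMA = {
    "fields": {
        "nid": {"type": "int"},
        "title": {"type": "varchar"},
        "status": {"type": "int"},
    }
}


def setup_db():
    """Create an in-memory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE node (nid INTEGER, title TEXT, status INTEGER)")
    conn.executemany("INSERT INTO node VALUES (?, ?, ?)",
                     [(1, "public", 1), (2, "draft", 0)])
    return conn


def select_unsafe(conn, field, value):
    """Vulnerable pattern: an 'int' column is written unquoted into the SQL,
    so a non-numeric value becomes part of the query text."""
    col = NODE_SCHEMA["fields"][field]
    if col["type"] == "int":
        sql = f"SELECT title FROM node WHERE {field} = {value} ORDER BY nid"
    else:
        sql = f"SELECT title FROM node WHERE {field} = '{value}' ORDER BY nid"
    return [row[0] for row in conn.execute(sql)]


def select_safe(conn, field, value):
    """Hardened: reject unknown columns, enforce the declared integer type
    before the value gets near SQL, and bind the value as a parameter."""
    col = NODE_SCHEMA["fields"].get(field)
    if col is None:
        raise ValueError(f"unknown field {field!r}")
    if col["type"] == "int":
        if isinstance(value, bool) or not (
            isinstance(value, int)
            or (isinstance(value, str) and re.fullmatch(r"-?\d+", value))
        ):
            raise ValueError(f"{field} must be an integer")
        value = int(value)
    sql = f"SELECT title FROM node WHERE {field} = ? ORDER BY nid"
    return [row[0] for row in conn.execute(sql, (value,))]
```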

<* Origin: John Morahan

   Links: http://secunia.com/advisories/31028/
          http://drupal.org/node/280571
*>

Solution:
--------------------------------------------------------------------------------
Vendor patch:

Drupal
------
The vendor has released upgrades and patches that fix this security problem. They can be downloaded from the vendor's home page:

http://ftp.drupal.org/files/projects/drupal-5.8.tar.gz
http://ftp.drupal.org/files/projects/drupal-6.3.tar.gz
http://drupal.org/files/sa-2008-044/SA-2008-044-5.7.patch
http://drupal.org/files/sa-2008-044/SA-2008-044-6.2.patch

