Drupal OM Maximenu模块任意PHP代码执行漏洞

发布日期：2012-11-08
更新日期：2012-12-17受影响系统：
Drupal OM Maximenu 6.x-1.44
描述：
--------------------------------------------------------------------------------
BUGTRAQ ID: 56938
CVE（CAN） ID: CVE-2012-6065Drupal是一款开放源码的内容管理平台。Drupal的OM Maximenu 6.x-1.44之前版本在启用了"Title has PHP"选项后，允许通过身份验证的具有"Administer OM Maximenu"权限的远程用户通过"Link Title"执行任意PHP代码。<*来源：Justin C. Klein

链接：http://www.madirish.net/551
http://drupal.org/node/1834048
http://drupal.org/node/1834046
*>测试方法：
--------------------------------------------------------------------------------警告以下程序（方法）可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！技术细节：1. Link titles allow for arbitrary HTML injection
2. Link titles allow arbitrary PHP if "Title has PHP" in "Title Options" is checked. This functionality is not documented in the 3. permission page, allowing users with "Administer OM Maximenu" to execute PHP
4. "Path Query" and "Anchor" parameters in links allow for arbitrary script injection.
5. Maximenu title （？q=admin/settings/om-maximenu） allows for arbitrary script injection
6. OM Maximenu fails to sanitize vocabulary names before display （？q=admin/settings/om-maximenu/import）测试方法：1. Install and enable OM Maximenu module
2. Add a new menu at ？q=admin/settings/om-maximenu/add
3. Enter "<script>alert（"xss"）;</script> for the "Menu Title"
4. Save the menu to view the rendered JavaScript1. Install and enable OM Maximenu module
2. Add a new menu at ？q=admin/settings/om-maximenu/add
3. Add a new link to the menu at ？q=admin/settings/om-maximenu/1/edit
4. Enter "<script>alert（"xss"）</script>" for the "Link Title"
5. Enable the menu block for display at ？q=admin/build/block
6. View the rendered JavaScript whenever the menu block is displayed1. Install and enable OM Maximenu module
2. Add a new menu at ？q=admin/settings/om-maximenu/add
3. Add a new link to the menu at ？q=admin/settings/om-maximenu/1/edit
4. Enter ""><script>alert（"xss"）;</script><a " for the "Path Query"
5. Enable the menu block for display at ？q=admin/build/block
6. View the rendered JavaScript whenever the menu block is displayed1. Install and enable OM Maximenu module
2. Add a new menu at ？q=admin/settings/om-maximenu/add
3. Add a new link to the menu at ？q=admin/settings/om-maximenu/1/edit
4. Enter ""><script>alert（"xss"）;</script><a " for the "Anchor"
5. Enable the menu block for display at ？q=admin/build/block
6. View the rendered JavaScript whenever the menu block is displayed1. Install and enable OM Maximenu module
2. Enable Taxonomy module
3. Create a new vocabulary at ？q=admin/content/taxonomy/add/vocabulary
4. Enter "<script>alert（"xss"）;</script>" for "Vocabulary name" and save
5. Add a term to the vocabulary at ？q=admin/content/taxonomy/[x]/add/term where [x] is the vocabulary id number
6. View the rendered JavaScript at ？q=admin/settings/om-maximenu/import建议：
--------------------------------------------------------------------------------
厂商补丁：Drupal
------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：http://ftp.drupal.org/files/projects/om_maximenu-7.x-1.44.tar.gzhttp://ftp.drupal.org/files/projects/om_maximenu-7.x-1.44.zipJoomla！ JooProperty 组件SQL注入和跨站脚本漏洞MyBB DyMy User Agent插件SQL注入漏洞相关资讯 Drupal PHP代码执行漏洞 Drupal安全漏洞

Drupal v8.2.0-rc2 发布下载，内容（今 10:46）
Drupal 8.0.3/7.42 发布下载，CMS （02月04日）
Drupal 8.0.0 发布下载，CMS 内容（11/20/2015 13:10:51）

Drupal 8.0.5 发布下载，内容管理（03月05日）
Drupal 8.0.2 发布下载，CMS 内容（01月07日）
Drupal 8.0.0 正式版将会在 11 月（11/02/2015 07:56:44）

本文评论查看全部评论（0）

评论声明