Author: Justin C. Klein Keane jus...@madirish.net
Reported: 7 August, 2013
Description of Vulnerability:
- -
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP and MySQL. Drupal core suffers from multiple
persistent (stored) cross site
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yes, yes, it is very common:
http://www.crypto.com/blog/copywrongs/
Justin C. Klein Keane
http://www.MadIrish.net
Any digital signature on this message can be confirmed using
the GPG key at http://www.madirish.net/gpgkey
On 08/09/2013 06:08 AM
Vulnerability Report
Author: Justin C. Klein Keane jus...@madirish.net
Date: 5 March, 2013
CVE-2012-4230
Description of Vulnerability:
-
TinyMCE in itself can not be insecure
(http://www.tinymce.com/wiki.php/Security)
TinyMCE is a platform independent web based
/projects/lampsecurity/files/CaptureTheFlag/CTF7/.
Any and all feedback is appreciated.
Cheers,
- --
Justin C. Klein Keane
http://www.MadIrish.net
The PGP signature on this email can be verified using the public key at
http://www.madirish.net/gpgkey
that were overlooked.
Justin C. Klein Keane
a.k.a. Mad Irish
http://www.MadIrish.net
The PGP signature on this email can be verified using the public key at
http://www.madirish.net/gpgkey
On 01/07/2013 10:36 AM, scryptz0 SOLDIERX wrote:
Infosec Institute made a write up on the largest public hacker
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vulnerability Report
Reported: January 3, 2012
Author: Justin C. Klein Keane jus...@madirish.net
Description of Vulnerability:
- -
Drupal (http://drupal.org) is a robust content management system (CMS)
written in PHP
?
Justin C. Klein Keane
http://www.MadIrish.net
The PGP signature on this email can be verified using the public key at
http://www.madirish.net/gpgkey
On 04/17/2012 02:48 AM, Adam Behnke wrote:
Immunity Debugger Remote Denial of Service 0Day Tested against
version 1.76 and 1.80 on Windows XP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Exploit for bespoke:
* Install and enable the Activity and Flag modules
* Add a new Flag with an arbitrary name at ?q=admin/build/flags/add
* On the resulting page (?q=admin/build/flags/add/node/[name]) enter
<script>alert('xss');</script> for the flag
nearly 8 years ago so it is reasonable to assume that
it has been abandoned.
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
) {
Vendor response:
Vendor was notified April 2, 2010 of this issue. Three versions of
Views have been released since. On July 1, 2010 Drupal security decided
that the security team does not consider this a vulnerability.
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature
is fully detailed in
SA-CONTRIB-2010-066 (http://drupal.org/node/829808)
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
, ':');
+ $absolute = ($colonpos !== FALSE
!preg_match('![/?#]!', substr($request, 0, $colonpos)));
+ if (!$absolute) {
+ drupal_goto($request, $query_string, NULL, 301);
+ }
}
}
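Review bot: the `$absolute` condition needs a comment stating its intent. As written it treats `$request` as absolute only when a colon appears before any `/`, `?` or `#`, and `drupal_goto()` is reached only when that test is false. Saying so above the line, with the kinds of request it is meant to reject, would let a later reader confirm the redirect cannot be steered off-site.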
- --
Justin C. Klein Keane
http
for authenticated users with the 'administer page manager'
permission.
Vendor response:
-
Upgrade to the latest version of Ctools. Ref
http://drupal.org/node/803944, http://www.madirish.net/?article=458
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature
escalation via XSS vulnerabilities. If you're the only admin then it
doesn't matter, but if any of the 30 editor accounts can be used to
escalate to admin and write arbitrary PHP then you've got big problems.
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can
to
the module maintainer via the public issue queue at the direction of
Drupal security.
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
back to 1641.
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
On 05/04/2010 01:32 PM, Marsh Ray wrote:
On 5/3/2010 7:44 PM, Sec News wrote:
Did anyone else see this?
http
of concept: any user can log into TaskFreak as the administrator
simply by using the username 1' or 1='1
Vendor response:
-
Upgrade to the latest version of TaskFreak.
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can be confirmed
using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Successful troll is successful. -anon
Or perhaps successful successful enumeration of infosec professionals
susceptible to Apple 0-day will be successful? Or perhaps someone is
just looking for a date? The inferences are limitless.
Justin C. Klein
',
- -'#title' = $format-name,
+'#title' = check_plain($format-name),
'#default_value' = $default,
'#return_value' = $format-format,
'#parents' = $parents,
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can
information or clarification
would be greatly appreciated.
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
On 04/27/2010 01:09 PM, Henri Salo wrote:
On Tue, 27 Apr 2010 12:07:17 -0400
_profile_form_explanation($fiel
$output .= ' '. t('The content of this field is kept private and
will not be shown publicly.');
}
- - return $output;
+ return check_plain($output);
}
function profile_form_profile($edit, $user, $category, $register = FALSE) {
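Review bot: on the `return check_plain($output);` line, escaping the whole of `$output` at return also encodes the sentence appended just above with `t(...)` and any markup already assembled in `$output`. Apply `check_plain()` to the field-derived value at the point where it is added to `$output` instead, and leave the `return $output;` line unchanged, so that only the untrusted part is escaped.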
- --
Justin C. Klein Keane
personal information doesn't seem
to fit under any of the statutory definitions of crime unless you use
that information to commit identity theft. The word intent figures
prominently in that statute, so I'd surmise full-disclosure actually
argues against this access being a crime.
Justin C. Klein
places
(http://www.law.cornell.edu/uscode/18/1030.html), it's worth checking out.
One more time for emphasis - I'm not a lawyer ;)
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
On 02
and log in as a user with privileges to 'inject help'
15. Click on any of the Help Inject icons (the little plus in a gray
circle)
16. Click the 'Next' button on the 'path granularity' screen
17. Observe the JavaScript alert.
- --
Justin C. Klein Keane
http://www.MadIrish.net
The digital
credentials it utilizes base 64 encoded, but unencrypted
connections, to pass credentials and update status messages rather than
the OAuth facility provided by Twitter
(http://apiwiki.twitter.com/OAuth-FAQ).
- --
Justin C. Klein Keane
http://www.MadIrish.net
in
includes/main_functions.php) that could possibly be used to quickly
develop a patch for many of the bespoke vulnerabilities.
Vendor Response
- ---
These issues have been fixed in the git repository and should be
resolved in the next release of dotProject.
- --
Justin C. Klein
extreme care is taken by
developers.
- --
Justin C. Klein Keane
http://www.MadIrish.net
']);
$form['sections'][$id]['weight']['#attributes']['class'] =
'sections-order-weight';
$rows[] = array(
'data' = array(
Vendor Response
- ---
Upgrade to the latest version.
SA-CONTRIB-2009-112 http://drupal.org/node/661404
- --
Justin C. Klein Keane
http://www.MadIrish.net
content' link
then the 'Story' link
12. Observe multiple JavaScript alerts
- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
for the Body field label
9. Click 'Save content type'
10. Click Administer - Content Management - Content types
11. Click manage fields link for the type selected in #4 above
12. Observe two JavaScript alerts
- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -= MagpieRSS Multiple XSS Vulnerabilities =-
May 6, 2009
Author: Justin C. Klein Keane jus...@madirish.net
Software: MagpieRSS (http://magpierss.sourceforge.net/)
Version Tested: magpierss-0.72
Vendor notified
Full details can also be found
creators, who are likely to have elevated privileges in Drupal. Extreme
care should be given to those users granted the 'administer taxonomy'
privilege until a fix is available.
- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Security Evaluation of NanoCMS
April 14, 2009
Version tested: 0.4_final
by Justin C. Klein Keane jus...@madirish.net
The text of this report is also available at
http://www.madirish.net/vulnerabilities/nanocms
NanoCMS (http://nanocms.in) is a PHP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Security Evaluation of Frog CMS
Version tested: 0.9.4
by Justin C. Klein Keane jus...@madirish.net
This advisory is also posted at
http://www.madirish.net/vulnerabilities/frog-cms
Frog CMS (http://www.madebyfrog.com/) is a lightweight content
of this advisory is also available at
http://lampsecurity.org/drupal-xss-password-reset
- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
security (http://drupal.org/security) team and module maintainer
have been notified.
- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
for the View field OR
click Create content and then choose the content type you created in
the previous steps to trigger the JavaScript.
- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
-$data['key']]['title'] = array('#value' =
check_plain($item-name));
- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -= pPIM Multiple Vulnerabilities =-
Version Tested: pPIM 1.0
Vendor notified
Full details can also be found at http://www.lampsecurity.org/node/18
Author: Justin C. Klein Keane jus...@madirish.net
Description
pPIM (http://www.phlatline.org
(AUTHORS,
COPYING, FAQ, INSTALL, NEWS, README, UPDATE) should remedy this
vulnerability. Unfortunately instructions about the removal of these
files is not included in the installation guide or the automated install
scripts.
- --
Justin C. Klein Keane
http://www.MadIrish.net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Drupal Imagefield Module Multiple Vulnerabilities
Security Risk: High
Exploitable: Remotely
Vulnerabilities: Arbitrary File Upload, Cross Site Scripting
Discovered by: Justin C. Klein Keane, Andrew Rosborough
Tested: Imagefield 5.x-2.2 on Drupal
in the
content type. The flaw allows such a user to upload any number of
files, opening avenues to trigger local file inclusion vulnerabilities,
hosting malware, phishing, etc., etc. The route to exploitation might
be oblique, but ideally it shouldn't exist at all.
Justin C. Klein Keane
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* Discovery Date: Sept 17, 2008
* Security risk: high
* Exploitable from: Remote
* Vulnerability: SQL Injection
* Discovered by: Justin C. Klein Keane (a.k.a. Mad Irish)
Description
Drupal (http://drupal.org) is a robust content management system