Drupal OM Maximenu Module Arbitrary PHP Code Execution Vulnerability


Published: 2012-11-08
Updated: 2012-12-17

Affected systems:
Drupal OM Maximenu 6.x-1.x, versions prior to 6.x-1.44
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 56938
CVE(CAN) ID: CVE-2012-6065

Drupal is an open-source content management platform.

In versions of the OM Maximenu module for Drupal prior to 6.x-1.44, once the "Title has PHP" option is enabled, a remote authenticated user holding only the "Administer OM Maximenu" permission can execute arbitrary PHP code on the server through the "Link Title" field. Because that option is not tied to a separate PHP permission, every account granted the module's admin permission is effectively granted code execution. The same release also addresses several stored cross-site scripting issues in the module's menu title, link title, "Path Query", "Anchor" and vocabulary-name handling, which are listed under Technical details below.

<*Source: Justin C. Klein
 
  Links: http://www.madirish.net/551
         http://drupal.org/node/1834048
         http://drupal.org/node/1834046
*>

Test method:
--------------------------------------------------------------------------------

WARNING

The following programs (methods) may be offensive in nature and are provided for security research and teaching purposes only. Users assume all risk!

Technical details:

1. Link titles allow for arbitrary HTML injection.
2. Link titles allow arbitrary PHP if "Title has PHP" in "Title Options" is checked.
3. This functionality is not documented on the permission page, allowing users with "Administer OM Maximenu" to execute PHP.
4. "Path Query" and "Anchor" parameters in links allow for arbitrary script injection.
5. Maximenu title (?q=admin/settings/om-maximenu) allows for arbitrary script injection.
6. OM Maximenu fails to sanitize vocabulary names before display (?q=admin/settings/om-maximenu/import).

Test method:

Menu title:
1. Install and enable OM Maximenu module
2. Add a new menu at ?q=admin/settings/om-maximenu/add
3. Enter "<script>alert('xss');</script>" for the "Menu Title"
4. Save the menu to view the rendered JavaScript

Link title:
1. Install and enable OM Maximenu module
2. Add a new menu at ?q=admin/settings/om-maximenu/add
3. Add a new link to the menu at ?q=admin/settings/om-maximenu/1/edit
4. Enter "<script>alert('xss')</script>" for the "Link Title"
5. Enable the menu block for display at ?q=admin/build/block
6. View the rendered JavaScript whenever the menu block is displayed

Path Query:
1. Install and enable OM Maximenu module
2. Add a new menu at ?q=admin/settings/om-maximenu/add
3. Add a new link to the menu at ?q=admin/settings/om-maximenu/1/edit
4. Enter ""><script>alert('xss');</script><a " for the "Path Query"
5. Enable the menu block for display at ?q=admin/build/block
6. View the rendered JavaScript whenever the menu block is displayed

Anchor:
1. Install and enable OM Maximenu module
2. Add a new menu at ?q=admin/settings/om-maximenu/add
3. Add a new link to the menu at ?q=admin/settings/om-maximenu/1/edit
4. Enter ""><script>alert('xss');</script><a " for the "Anchor"
5. Enable the menu block for display at ?q=admin/build/block
6. View the rendered JavaScript whenever the menu block is displayed

Vocabulary name (import page):
1. Install and enable OM Maximenu module
2. Enable Taxonomy module
3. Create a new vocabulary at ?q=admin/content/taxonomy/add/vocabulary
4. Enter "<script>alert('xss');</script>" for "Vocabulary name" and save
5. Add a term to the vocabulary at ?q=admin/content/taxonomy/[x]/add/term where [x] is the vocabulary id number
6. View the rendered JavaScript at ?q=admin/settings/om-maximenu/import
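The following PHP script is an added illustration of the two classes of finding above (stored script injection in the menu, link, "Path Query" and "Anchor" fields, and the "Title has PHP" evaluation reachable with only the module's admin permission). It is not OM Maximenu's own code and does not reproduce the module's fix; it reconstructs the unsafe concatenation pattern the test methods exercise, puts the escaped form beside it, and gates the PHP branch on a separate permission flag. It runs stand-alone under the PHP CLI: the check_plain() shim reproduces what Drupal 6's check_plain() does (the same escaping l() and check_url() apply to link text and hrefs), the 'node/1' target path and the $may_run_php flag are assumptions, and the eval path mirrors drupal_eval().

```php
<?php
// Added illustration, not OM Maximenu's own code. Outside Drupal,
// check_plain() is htmlspecialchars($s, ENT_QUOTES, 'UTF-8'), so a shim is
// defined here to let the script run without a Drupal bootstrap.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

// Constructed sample link record carrying the payloads from the test method.
// 'node/1' is an assumed target path.
$link = array(
  'title'  => "<script>alert('xss')</script>",
  'path'   => 'node/1',
  'query'  => "\"><script>alert('xss');</script><a ",
  'anchor' => "\"><script>alert('xss');</script><a ",
);

// Unsafe pattern: stored fields are concatenated straight into markup, so a
// menu administrator's input runs as HTML on every page that shows the block.
function render_link_unsafe(array $link) {
  $href = '?q=' . $link['path'] . '&' . $link['query'] . '#' . $link['anchor'];
  return '<a href="' . $href . '">' . $link['title'] . '</a>';
}

// Hardened pattern: the title is escaped for HTML text context and the
// assembled href for attribute context (what Drupal 6's l() does via
// check_plain() and check_url()). The query string is kept as entered, since
// it is meant to hold key=value pairs; escaping the href is what defuses the
// '">' payload in both "Path Query" and "Anchor".
function render_link_safe(array $link) {
  $href = '?q=' . $link['path'] . '&' . $link['query'] . '#' . $link['anchor'];
  return '<a href="' . check_plain($href) . '">' . check_plain($link['title']) . '</a>';
}

// "Title has PHP" branch. The advisory's point is that evaluation was
// reachable with only "Administer OM Maximenu"; here the eval path is taken
// only when the caller proves a separate PHP permission ($may_run_php, an
// assumed flag standing in for a dedicated user_access() check). Otherwise the
// stored title is rendered as escaped text. The eval mirrors drupal_eval().
function render_title(array $link, $may_run_php) {
  if (empty($link['title_has_php']) || !$may_run_php) {
    return check_plain($link['title']);
  }
  ob_start();
  eval('?>' . $link['title']);
  return ob_get_clean();
}

print "unsafe link:  " . render_link_unsafe($link) . "\n";
print "escaped link: " . render_link_safe($link) . "\n";

$php_link = array('title' => "<?php print 'year ' . date('Y'); ?>", 'title_has_php' => 1);
print "menu admin only: " . render_title($php_link, FALSE) . "\n";
print "php permission:  " . render_title($php_link, TRUE) . "\n";
```

Run it with `php` from the command line: the first two lines show the same record rendered as live markup and as inert escaped text, and the last two show the PHP-bearing title being printed as a literal for a menu-admin-only caller and executed only when the separate PHP flag is set. In a real Drupal 6 site the equivalent hardening is to build links with l() (which escapes text and URL) rather than string concatenation, and to require a dedicated PHP permission before ever handing a stored title to drupal_eval().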

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Drupal
------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's site. Note that the packages linked below are the 7.x-1.44 release; sites on the 6.x-1.x branch described above need 6.x-1.44, available from the module's project page (http://drupal.org/project/om_maximenu).

http://ftp.drupal.org/files/projects/om_maximenu-7.x-1.44.tar.gz

http://ftp.drupal.org/files/projects/om_maximenu-7.x-1.44.zip
