Drupal OpenID Module Cross Site Scripting and Request Forgery Vulnerabilities
BID:30165
Info
| Bugtraq ID: | 30165 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-6836, CVE-2008-6835 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 09 2008 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | Neil Drumm, Peter Wolanin |
| Vulnerable: | OpenID OpenID module 5.x-1.1, OpenID OpenID module 5.x-1.0 |
| Not Vulnerable: | OpenID OpenID module 5.x-1.2 |
Discussion
The OpenID module for Drupal is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied inputs. The module is also prone to a cross-site request-forgery vulnerability.
An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The attacker can exploit the cross-site request-forgery issue by tricking a victim into issuing a specially crafted HTTP request that performs some action on the attacker's behalf using the victim's currently active session.
The vulnerabilities affect versions prior to OpenID 5.x-1.2.
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
The vendor has released updates. Please see the references for details.
References
References:
- Drupal Language Switcher Dropdown Homepage (Drupal)
- openid 5.x-1.2 Download page (Drupal)
- OpenID Homepage (OpenID)
- SA-2008-045 - OpenID - Multiple vulnerabilities (Drupal)