Heine


From bug to exploit - Bakery SSO

Heine —Mon, 2013/02/18 - 12:59

I recently evaluated the Bakery Single Sign-On System aka Bakery SSO aka Bakery on behalf of clients. This article describes how I moved from finding a small weakness in version 2.x-alpha-3 to an exploit.

If you haven't updated all your sites to Bakery 2.0-alpha4 (6.x, 7.x), go and do so now.

  • Security
  • bug2exploit
  • Planet Drupal
  • Drupal

Solving getting bogus dates via MSSQL_QUERY

Heine —Thu, 2012/11/29 - 19:24

If you get bogus dates back from MSSQL, make sure PHP is compiled against the FreeTDS library that's currently in use. If not, recompile PHP.

  • MSSQL
  • FreeTDS
  • datetime
  • date

Explaining the Drupal < 7.16 Installer vulnerability

Heine —Wed, 2012/10/24 - 11:24

SA-CORE-2012-003 fixes an issue in the Drupal installer that enables an attacker to cause the site to use a different attacker-controlled database.

The installer vulnerability was found while preparing my DrupalJam presentation (NL) on security audits and reported via the (awesome!) SecuriTeam Secure Disclosure program. As promised on IRC & Reddit, here's some additional information on the root cause(s).

  • Security
  • Drupal
  • Planet Drupal
  • bug2exploit

Bounties: What to do with a high impact Drupal vulnerability?

Heine —Mon, 2012/06/11 - 10:31

The security landscape is changing. There's been on-and-off talk about bounties for security vulnerabilities, and some firms already buy vulnerabilities (SecuriTeam, ZDI). This also causes me to re-evaluate the value of a vulnerability.

Suppose I've recently found an arbitrary code execution vulnerability that could very likely be exploited on a large fraction of 400K+ Drupal sites.

What do you think I should do with it?

For the comments: What's your opinion on a security vulnerability bounty program?

Update: I've reported the vulnerability via SecuriTeam. It has been fixed with the release of Drupal 7.16. See SA-CORE-2012-003 for details.

Poll results:

  • Report to the Drupal security team: 91% (78 votes)
  • Wait for a bug-bounty program, then report: 5% (4 votes)
  • Sell to the highest bidder: 3% (3 votes)
  • Other (please comment): 1% (1 vote)

Total votes: 86

  • Drupal
  • Security
  • Planet Drupal

Drupal CSRF Exploit reported on packetstorm

Heine —Fri, 2012/03/09 - 11:06

On March 2nd 2012, security researcher Ivano Binetti published an advisory on Drupal 7 anti-CSRF measures. He/she rightly identified the long-standing Logout CSRF annoyance (#144538), but the rest of his/her advisory is not helpful.

  • Planet Drupal
  • Security
  • Drupal

Homeopathy & Influenza during the 1918 pandemic - Opinion piece Feb 2012 Arts & Auto

Heine —Sat, 2012/02/25 - 21:12

The opinion piece in Arts & Auto (Feb 2012) —a publication of the Vereniging voor Arts, Kwakzalver & Auto (VvAA)— refers to a publication by Dewey on the homeopathic treatment of influenza in 1918.

After some searching I found a copy, which I have attached for those who are interested.

  • Flu
  • Homeopathy
  • VvAA


Copyright © 2013 by Heine Deelstra. All rights reserved.
