About
This is my personal site. Whatever I find interesting may find its way here. Comments on this site are moderated. It may take a while for them to appear.
What's with all this 'Drupal' stuff?
Drupal is a great, free (GPL v2) content management system / content management framework. I've been involved with Drupal for about seven years now.
I (co-)maintained the following modules:
- MyCaptcha - an easy to use math and image CAPTCHA implementation.
- Comment mover - move comments to other posts, or convert comments to posts and vice versa.
- Elements - provides a number of new form element types.
- User badges - give roles or individual users a badge for display.
- Comment upload - enable attachments on comments.
- Taxonomy defaults - assign preselected or default terms to new posts.
- Form store - provide other modules (e.g. Captcha) with a list of forms.
- Form inspect - ease development using hook_form_alter by displaying form IDs and form structures.
I was the Drupal security team's technical lead from July 2006 until October 2011.
I found the following vulnerabilities in Drupal core:
- SQL injection via Entity Reference autocomplete in Drupal 8 prerelease
- Access bypass of token validation
- Arbitrary PHP code execution and Information disclosure
- Cross site scripting via Exceptions in Drupal 7 prerelease
- Potential SQL injection weakness in Drupal 7 prerelease (2x)
- Arbitrary code execution via comment previews
- SQL injection via the numeric query placeholder %n
- Reflected cross site scripting vulnerability in the Drupal 6 error handler
- OpenID authentication bypass
- OpenID association cross site request forgeries
- File upload extensions not properly processed
- BlogAPI access bypass
- Cross site request forgeries on cacheable forms
- Cross site request forgeries of uploads
- Translated string deletion via cross site request forgeries
I found the following vulnerabilities in contributed modules:
- Encrypt - Weak encryption (also reported by Chad DeGroot)
- Secure Cookie Data - Cookie tampering due to incorrect hash compare
- Arbitrary PHP code execution via CSRF in Views UI, CTools Page manager and derived modules
- Context - Remote code execution / Access bypass
- Login security - Multiple vulnerabilities (DoS also reported by dstol)
- Bakery SSO access bypass (login as any user)
- CKEditor and FCKEditor arbitrary PHP code execution and XSS
- Drupad cross site request forgeries
- Live preview cross site request forgeries (possible arbitrary code execution)
- Private upload access bypass
- Droptor SQL injection
- Database administration cross site request forgeries
- Aggregation vulnerabilities
- Project & project issue file handling
Contact
I only provide free Drupal support on the Drupal.org forum or in the drupal channels on irc.freenode.net.
| IRC | Heine in #drupal on irc.freenode.net |
| Drupal Slack | heine (not to be confused with the user "Heine" on Slack) |
| | @Ustima |