Heine

  • Home
  • Drupal
  • About
Home

Gain administrator privileges via an XSS vulnerability in Recipe

Heine —Tue, 2007/02/20 - 22:53

For those with the tendency to downplay cross site scripting (XSS) vulnerabilities, a small videocast on how a vulnerability in the contributed module Recipe can get an attacker administrator access to a Drupal site. The vulnerability was fixed with DRUPAL-SA-2006-014 a long time ago, so I feel it's safe to publish the video now.

ยป Videocast.

  • Drupal
  • Security
  • Planet Drupal
  • bug2exploit

Recent posts

  • Other vectors for SA-CORE-2014-005?
  • Lazy loading: hook_hook_info is for hook owners only.
  • "Always offline" problem in EA's Origin due to antivirus
  • From bug to exploit - Bakery SSO
  • Solving getting bogus dates via MSSQL_QUERY
more

Security reviews

I provide security reviews of custom code, contributed modules, themes and entire sites via LimoenGroen.

Contact us for a quote.

Follow @Ustima

Copyright © 2016 by Heine Deelstra. All rights reserved.

  • Home
  • Drupal
  • About