Heine


Security

IN (%s); a security vulnerability waiting to happen

Heine —Tue, 2007/06/19 - 00:14

I've written before about (ab)using %s in IN clauses such as:


Do a quick security review when porting your module

Heine —Thu, 2007/02/22 - 08:48

Adapted from a mail I sent to the Drupal development list.

Porting a module is an excellent opportunity to keep an eye out for security problems (evidence: DRUPAL-SA-2006-031). Here's a quick security reminder regarding input (user-supplied data). Code samples are only included to make a point; do not hold them against me.


Gain administrator privileges via an XSS vulnerability in Recipe

Heine —Tue, 2007/02/20 - 22:53

For those with the tendency to downplay cross-site scripting (XSS) vulnerabilities, here is a small videocast on how a vulnerability in the contributed module Recipe can get an attacker administrator access to a Drupal site. The vulnerability was fixed with DRUPAL-SA-2006-014 a long time ago, so I feel it's safe to publish the video now.

» Videocast.



Copyright © 2021 by Heine Deelstra. All rights reserved.
