DRUPAL-SA-CORE-2009-007

Lisa Kachold lisakachold at obnosis.com
Mon Jul 6 13:38:33 MST 2009


Yes, and those are just the known issues.

Run SQL injection tools and tests and see where one gets?

There really are a great many problems and potential issues (due to failure
to install correctly) and PHP/MySQL web system.

On Mon, Jul 6, 2009 at 1:22 PM, Stephen <cryptworks at gmail.com> wrote:

> I think this is for all the others of us running Drupal as much as for
> the PLUG Drupal
>
> but both bits of info were great.
>
> On Mon, Jul 6, 2009 at 1:20 PM, Lisa Kachold<lisakachold at obnosis.com>
> wrote:
> > We don't run forums on the PLUG site, Ryan.
> >
> > There are a great many exploits in all manner of Drupal 4, 5, 6 modules and we
> > fairly well know them for the PLUG site.
> >
> >
> > On Mon, Jul 6, 2009 at 10:43 AM, Ryan Rix <phrkonaleash at gmail.com> wrote:
> >>
> >> Multiple issues, time for an update, all you Drupal users!
> >>
> >> Cross-site scripting
> >>
> >> The Forum module does not correctly handle certain arguments obtained from
> >> the URL. By enticing a suitably privileged user to visit a specially crafted
> >> URL, a malicious user is able to insert arbitrary HTML and script code into
> >> forum pages. Such a cross-site scripting attack may lead to the malicious user
> >> gaining administrative access. Wikipedia has more information about
> >> cross-site scripting (XSS).
> >>
> >> This issue affects Drupal 6.x only
> >>
> >> http://drupal.org/node/507572
> >>
> >> Ryan
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
> >
> > --
> > (623)239-3392 Skype: obn0sis
> > (503)754-4452 www.obnosis.com
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen



-- 
(623)239-3392 Skype: obn0sis
(503)754-4452 www.obnosis.com