Sunday, 18 March 2012
[EN] Drupal 7.12 - enumeration/counter bug for (registered only)
As I wrote here, there is few bugs in latest Drupal (7.12).
I sad I will public it in April, but... enjoy today ;)
# TITLE ....... # Drupal 7.12 enumeration/counter bug for registered only.... #
# DATE ........ # 12.03.2012 ................................................... #
# AUTOHR ...... # http://hauntit.blogspot.com ............................... #
# SOFT LINK ... # http://drupal.org ......................................... #
# VERSION ..... # 7.12....................................................... #
# TESTED ON ... # LAMP ...................................................... #
# ........................................................................... #
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...
#............................................#
# 1. What is this?
This is very nice CMS, You should try it! ;)
#............................................#
# 2. What is the type of vulnerability?
This is user enumeration or 'encouting bug' (the same situation is
in latest Wordpress (3.3.1) that I've described at my blog:
#............................................#
# 3. Where is bug :)
In admin panel we can set permitions for user like this:
- user can see other profiles
- user can not ;]
Vulnerability (if 'can see') can be used to get names of other users in webapp.
Vulnerability (if 'can not') can be used to count users (like in WP3.3.1)
Bug is because of way of how Drupal is informing user about an error.
If we can 'GET' to id-of-other-user, we can see 'Access Denied' or 'Page not found'.
http://drupal-7.12/?q=user/1 <-- user exist : "Access Denied"
http://drupal-7.12/?q=user/123123123 <-- user not exist : "Page could not be found"
Got it? ;)
#............................................#
# 4. More...
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
#............................................#
# Best regards
#
Labels:
0day,
drupal,
enumeration bugs,
exploit,
research,
vulnerability
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
What do You think...?