I'm working on an exploit for the latest Drupal (7.12).
The "next part of fuzzing" has now started, so this post will be updated soon (maybe today/tomorrow).
Anyway: I need some help with writing a patch.
If You are interested, let me know! ;)
*... today ;) *
Fuzzing still in progress (with a lot of "reading";))
But for now we can say:
- for not logged-in users: there is information disclosure (or I will extend it, if possible, to something more useful)
- for logged-in as a normal/registered/authenticated user: ... ;)
* 12.03.2012 - 8:30 - Updated *
After 2 days, I have 3 different bugs for latest Drupal.
So, if You're still interested in exploit/patch process development, let me know! ;)
* 12.03.2012 - 9:52 - Updated *
Wow, it will be a very busy Monday ;)
I found another bug in Drupal; this time it is in the admin panel (but in the case where a 'normal user' does SQL injection via the bugs I described at the top of this post, there is a risk of being 0wned ;P)
From 'simple' fuzzing with my 'simple' tools, there is a simple 'total score':
- 3 SQL injections (or will be extended to something more/less)
- 5 information disclosure bugs
*13.03.2012 - 3:36 - Updated*
Ok. So for now there are 9 vulnerabilities. :)
Both situations are possible:
- sql injection / information disclosure from normal/registered user
- like before, but for admin...
To be continued... ;)
oh,just what i need,drupal..hard!
hi, thanks for comments ;)
and btw nice to know You're interested in Drupal,
because I think there should be more to present ;)
Mail me if You have more questions @ contact.
Anyway, as I'm looking for a job now, March/April is very busy.
Topic will be updated, but now I'm going to the next part of the interview. ;)
Cheers!
gosh..i never believe u would reply me..lol
thanks! i wish u good luck when finding job!
yes,me again,hahaha..lol
it's a pleasure to reply ;) Feedback is very important ;P
Regards o/