Reply to comment

Drupal Module with holes

Submitted by root on Fri, 2008-05-16 08:16

The Drupal Site Documentation Module [1] bears a Security Sole that allows access to sensitive Data of your Drupal Installation says Secunia [2] and Drupal.org [3].

This Module displays Content of arbitrary Tables of Drupal's Database. This can be misused to get the Session-IDs of logged-in Users as well as Usernames, hashed Passwords and E-Mail Adresses.

It is recommended to upgrade to Version 6.x-1.1 [4] respective 5.x-1.8 [5].

Links:
[1] http://drupal.org/project/sitedoc
[2] http://secunia.com/advisories/30257/
[3] http://drupal.org/node/258547
[4] http://ftp.drupal.org/files/projects/sitedoc-6.x-1.1.tar.gz
[5] http://ftp.drupal.org/files/projects/sitedoc-5.x-1.8.tar.gz

Reply

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <q> <cite> <blockquote> <code> <ul> <ol> <li> <hr>
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>, <codeblock>.
  • Web page addresses and e-mail addresses turn into links automatically.

  • Links to specified hosts will have a rel="nofollow" added to them.

  • Lines and paragraphs break automatically.
  • Textual smileys will be replaced with graphical ones.
CAPTCHA
This question shall determine if you're human or machine to prevent automatic SPAM-entries.
Fill in the blank