Drupal Sanitization XSS ·ì϶

°ä²¼¹¦·ò 2021-04-22

0x00 ·ì϶¸ÅÊö

CVE  ID


ʱ   ¼ä

2021-04-22

Àà   ÐÍ

XSS

µÈ   ¼¶

¸ßΣ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°ÏìÁìÓò


PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

·ñ

 

0x01 ·ì϶ÏêÇé

image.png

DrupalÊÇPHP±àдµÄ¿ªÔ´ÄÚÈÝÖÎÀí¿ò¼Ü£¨CMF£©£¬£¬ £¬£¬£¬£¬£¬ËüÓÉÄÚÈÝÖÎÀíϵͳ£¨CMS£©ºÍPHP¿ª·¢¿ò¼Ü£¨Framework£©¹²Í¬×é³É£¬£¬ £¬£¬£¬£¬£¬Ä¿Ç°ÒѾ­³ÉΪÊÀ½çÉÏ×îÊÜ»¶Ó­µÄCMSÖ®Ò»¡£¡£¡£¡£ ¡£¡£

2021Äê04ÔÂ21ÈÕ£¬£¬ £¬£¬£¬£¬£¬Drupal°ä²¼°²È«²¼¸æ£¬£¬ £¬£¬£¬£¬£¬½¨¸´ÁËDrupalÖеÄÒ»¸öXSS·ì϶¡£¡£¡£¡£ ¡£¡£¸Ã·ì϶ÊÇÓÉÓÚDrupal CoreµÄsanitization APIÔÚijЩÇé¿öÏÂÎÞ·¨ÕýÈ·¹ýÂË¿çÕ¾¾ç±¾£¬£¬ £¬£¬£¬£¬£¬¹¥»÷ÕßÄܹ»Í¨¹ýÀûÓÃXSS·ì϶²åÈë¶ñÒâ´úÂë¡¢µÁÈ¡Óû§ÐÅÏ¢»ò½øÐÐÆäËü²Ù×÷¡£¡£¡£¡£ ¡£¡£

 

Ó°ÏìÁìÓò

Drupal < 9.1.7

Drupal < 9.0.12

Drupal < 8.9.14

Drupal < 7.80

 

0x02 ´ëÖý¨Òé

Ä¿Ç°DrupalÍŶÓÒѾ­½¨¸´ÁË´Ë·ì϶£¬£¬ £¬£¬£¬£¬£¬½¨Òéʵʱ¸üÐÂÖÁÒÔÏ°汾£º

Drupal 9.1.7

Drupal 9.0.12

Drupal 8.9.14

Drupal 7.80


ÏÂÔØÁ´½Ó£º

https://www.drupal.org/project/drupal/releases/9.1.7

https://www.drupal.org/project/drupal/releases/9.0.12

https://www.drupal.org/project/drupal/releases/8.9.14

https://www.drupal.org/project/drupal/releases/7.80


×¢£º8.9.x֮ǰµÄDrupal 8¹Ù·½ÒÑÖÕ³¡Ö§³Ö¡£¡£¡£¡£ ¡£¡£´Ë±í£¬£¬ £¬£¬£¬£¬£¬°²È«ÈËÔ±»¹Õë¶ÔÒÑÖÕ³¡Ö§³ÖµÄDrupal 6ÔÚGithubÉÏ°ä²¼Á˺ÏÓÃÓÚSA-CORE-2021-002µÄDrupal 6Ö÷Ìⰲȫ¸üС£¡£¡£¡£ ¡£¡£

 

0x03 ²Î¿¼Á´½Ó

https://www.drupal.org/sa-core-2021-002

https://www.mydropwizard.com/blog/drupal-6-core-security-update-sa-core-2021-002

https://github.com/d6lts/drupal/releases/tag/6.57

 

0x04 ¹¦·òÏß

2021-04-21  Drupal°ä²¼°²È«¹«¸æ

2021-04-22  VSRC°ä²¼°²È«¹«¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png