Drupal 8.0.0-beta14 Vendor Script Vulnerable to XSS

September 5, 2015

Overview

Recently, I was playing around with the Drupal CMS application code. Drupal is an open source CMS application widely used for blog posting purpose, Further details, to know more about Drupal
here. Open source application advantage being, the source code was at my disposal.

While fiddling around with the core Drupal Vendor Package I stumbled upon a very interesting vulnerability of XSS. Now the idea was to see how exactly an attacker can exploit this particular XSS to impact Drupal users at large.
So let me walk you through the technical process of discovery and impact assessment for the Drupal source code audit which lead to the discovery of XSS which can be used to hijack drupal accounts or to perform other malicious activity by an attacker.

Read more here : http://blog.securelayer7.net/core-drupal-8-0-0-beta14-xss-attack/

Thank you for reading my blog

We Provide Penetration Testing

Leave a Reply

Your email address will not be published. Required fields are marked *

*




We Provide Penetration Testing