Drupal 11.0.1-Stored XSS

GrimTheRipper
Sep 2, 2024


Description:

An issue was discovered in Drupal 11.0.1.

We found an XSS vulnerability that allows attackers to store XSS via the Body field in Add Article.

Affected Component:

http://[ip]/en/node/add/article

http://[ip]/en/node/24/edit?destination=/en/node/24

Payload:

<script>alert(/Grim The Ripper Team by SOSECURE Thailand/)</script>

Proof of Concept:

First, log in to the target application.

Browse to the target at http://IP/

We log in to the target application with admin privileges.

Log in to the console page as admin.

Select Create, then click the Article function.

Console page of the administrator.

Select the text format “Full HTML”.

Create a new Article page.

Fill in the form provided, click the “Source” button, enter the XSS payload in the Body field, then click the “Save” button.

Payload entered in the Body field.

Next, click the “Save” button.

Open the page that was created.

The XSS payload will run immediately.

The payload was executed.
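To check whether markup like this is already stored on a site, the following added example (not part of the original write-up) scans stored body values for script-capable constructs. The rows are constructed samples shaped like Drupal's node__body table (entity_id, body_format, body_value); the class and function names are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample rows shaped like Drupal's node__body table
# (entity_id, body_format, body_value); not data from a real site.
SAMPLE_ROWS = [
    (23, "basic_html", "<p>Release notes for <strong>v2</strong></p>"),
    (24, "full_html", "<p>Hello</p><script>alert(/Grim The Ripper Team "
                      "by SOSECURE Thailand/)</script>"),
    (25, "full_html", '<img src="/logo.png" onerror="alert(1)">'),
    (26, "full_html", '<a href=" JavaScript:alert(1)">docs</a>'),
]

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}


class ActiveContentFinder(HTMLParser):
    """Collects the constructs in one body value that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Browsers ignore whitespace and control characters in a URL
            # scheme, so drop them before comparing.
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_bodies(rows):
    """Return {entity_id: [findings]} for rows that hold active content."""
    flagged = {}
    for entity_id, body_format, body_value in rows:
        finder = ActiveContentFinder()
        finder.feed(body_value)
        finder.close()
        if finder.findings:
            flagged[entity_id] = [f"{body_format}: {f}" for f in finder.findings]
    return flagged
```

Any flagged node is worth reviewing together with the list of roles allowed to use the text format it was saved in.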

Author:

Grim The Ripper Team by SOSECURE Thailand
