Published on October 1st, 2010
Cracking into Drupal – XSS Demo
A Cross-Site Scripting (XSS) demo on Drupal. A malicious user is allowed to enter JavaScript into comments, and it is not filtered on output. An administrator views the malicious comment and the JavaScript executes in their browser, changing admin-only settings such as passwords and putting the site offline.
Be sure to audit your configuration for what untrusted visitors (such as anonymous users) are allowed to do. If they're allowed to use the Full HTML input format then your site is vulnerable.
Read the blog post at http://drupalscout.com/knowledge-base/anything-you-can-do-xss-can-do-better
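One way to run the audit described above, as an added example that is not from the video or the blog post. It assumes the Drupal 6 database layout (`filter_formats.roles` as a comma-delimited list of role IDs, the core HTML filter stored in `filters` as module `filter`, delta 0) and the default role IDs 1 (anonymous) and 2 (authenticated); the rows are constructed sample data.

```python
import sqlite3

# Assumed default Drupal role IDs for visitors who should not be trusted with raw HTML.
UNTRUSTED = {1: "anonymous user", 2: "authenticated user"}

def build_sample_db():
    """Constructed sample data in the assumed Drupal 6 table layout."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE filter_formats (format INTEGER PRIMARY KEY, name TEXT, roles TEXT);
        CREATE TABLE filters (format INTEGER, module TEXT, delta INTEGER);
        INSERT INTO filter_formats VALUES
            (1, 'Filtered HTML', ',1,2,'),
            (2, 'Full HTML', ',1,3,'),      -- misconfigured: anonymous allowed
            (3, 'Editors only', ',3,');
        INSERT INTO filters VALUES
            (1, 'filter', 0), (1, 'filter', 1), (1, 'filter', 2),
            (2, 'filter', 1), (2, 'filter', 2),
            (3, 'filter', 1);
    """)
    return db

def audit_formats(db, default_format=1):
    """Return (format name, role name) pairs where an untrusted role can
    post through an input format that does not run the HTML filter."""
    findings = []
    rows = db.execute("SELECT format, name, roles FROM filter_formats ORDER BY format")
    for fmt, name, roles in rows.fetchall():
        has_html_filter = db.execute(
            "SELECT 1 FROM filters WHERE format = ? AND module = 'filter' AND delta = 0",
            (fmt,)).fetchone() is not None
        if has_html_filter:
            continue  # markup is filtered on output for this format
        allowed = {int(r) for r in roles.split(",") if r.strip()}
        if fmt == default_format:
            # The site-wide default format is usable by every role,
            # whatever the roles column says.
            allowed |= set(UNTRUSTED)
        for rid in sorted(allowed & set(UNTRUSTED)):
            findings.append((name, UNTRUSTED[rid]))
    return findings

if __name__ == "__main__":
    for name, role in audit_formats(build_sample_db()):
        print(f"RISK: '{role}' may post using '{name}' (no HTML filter)")
```

The check looks at which filters a format actually runs instead of its name, so a renamed copy of Full HTML is still reported.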