Xss from URL...

Events happening in the community are now at Drupal community events on www.drupal.org.

Posted by ingo86 on October 22, 2008 at 10:17pm

Hi all,
The scanner is tested to find XSS vulnerabilities inside a drupal installation. These could be found only searching into the forms of the website. There's no way right now to add an exploit as a parameter of the url of the page.
Something like
http://www.example.com/?q=<script>alert(xss);</script>
This is something I wanna add as new feature, but make it automatic is not so trivial.
Suggestions?

Security

You must register or login in order to post into this group.

Group organizers

greggles
mlhess
coltrane

New groups

Arabic
Alappuzha
Event Platform
Western Ohio User Group
Goa Drupal Community
Liverpool
Chandigarh Drupal Geeks (C.D.G.)
API-First Working Group
Compony opinionated developers
4SPOTS

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

All posts:
- Feed
- Page