Gain administrator privileges via an XSS vulnerability in Recipe
Heine Tue, 2007/02/20 - 22:53
For those with the tendency to downplay cross site scripting (XSS) vulnerabilities, a small videocast on how a vulnerability in the contributed module Recipe can get an attacker administrator access to a Drupal site. The vulnerability was fixed with DRUPAL-SA-2006-014 a long time ago, so I feel it's safe to publish the video now.
ยป Videocast.