Drupal site votehillary.org exploited

spamjim - April 28, 2008 - 12:36

I just saw this on Netcraft:

http://news.netcraft.com/archives/2008/04/24/clinton_and_obama_xss_battl...

I'm wondering how it happened and how this may be a risk for other Drupal 5 users. I suspect it was just carelessness in allowing full HTML (including iframes) in comments. The votehillary.org site now appears to be running 5.7 and with comments disabled.

Full HTML I think.

matt_harrold - April 28, 2008 - 13:05

Yeah ... just a permission oversight and over-estimation of the "nature of humans". You can't blame Drupal for that.

 
 
