Some older browsers are vulnerable to XSS attacks as such
Current versions of IE, FF, Chrome are
All major browsers are still vulnerable to these attacks. Tons of ways of using img tags are still around. For example:
<img src='#' onerror=alert(1) />
Look for RSnake's XSS cheatsheet, those are just some vectors. By the way, I've heard he's coming up with a new version of his cheatsheet soon.
No. Image data is never executed as JavaScript. If the src is a JavaScript link, the JavaScript is executed, but the fundamental reading of data that comes from a request to the src does not involve JavaScript.
Here you can find some XSS attack vectors: http://ha.ckers.org/xss.html
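Added example, not part of any of the answers above: a server-side allowlist sanitizer that neutralizes the two img vectors mentioned in this thread, the event-handler attribute (`onerror`) and the JavaScript link in `src`. The attribute and scheme allowlists, and the names `safe_src`, `ImgSanitizer` and `sanitize`, are assumptions made for this example; all sample inputs are constructed.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: only these <img> attributes and URL schemes survive.
ALLOWED_ATTRS = {"src", "alt", "title", "width", "height"}
ALLOWED_SCHEMES = {"http", "https"}
_TAB_NL = str.maketrans("", "", "\t\r\n")          # browsers drop these inside URLs
_LEADING = "".join(map(chr, range(0x21)))          # leading control chars and space


def safe_src(value):
    """True if the URL is relative or uses an allowlisted scheme."""
    cleaned = value.translate(_TAB_NL).lstrip(_LEADING)
    head = re.split(r"[/?#]", cleaned, maxsplit=1)[0]
    if ":" not in head:
        return True                                 # relative URL, no scheme
    return head.split(":", 1)[0].lower() in ALLOWED_SCHEMES


class ImgSanitizer(HTMLParser):
    """Re-emits only <img> tags with allowlisted attributes; text is escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return                                  # other elements are dropped
        kept = []
        for name, value in attrs:                   # values arrive entity-decoded
            value = value or ""
            if name not in ALLOWED_ATTRS:           # removes onerror, onload, ...
                continue
            if name == "src" and not safe_src(value):
                continue                            # removes javascript: and similar
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append("<img" + "".join(kept) + ">")

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize(fragment):
    parser = ImgSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

Because the parser decodes character references before the scheme check, entity-encoded or tab-split variants of a JavaScript link are rejected the same way as the plain form.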