XSS attack with javascript in img src attribute


Solution 1

No. Image data is never executed as JavaScript. If the src is a JavaScript link, the JavaScript is executed, but the fundamental reading of data that comes from a request to the src does not involve JavaScript.

Solution 2

All major browsers are still vulnerable to these attacks. Tons of ways of using img tags are still around. For example...

<img src='#' onerror=alert(1) />

Look for RSnake's xss cheatsheet, those are just some vectors. By the way, I've heard he's coming up with a new version of his cheatsheet soon.
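Added example, not part of the original answers: a defensive sketch that builds an `<img>` tag from an untrusted URL and neutralizes both snippets shown on this page (the `javascript:` src and the `onerror` attribute). The function names, the `https://example.invalid/` base origin and the http/https allowlist are assumptions made for illustration.

```javascript
// Added example: build an <img> tag from an untrusted URL string.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // assumed policy
const BASE = "https://example.invalid/"; // placeholder for the page's own origin

// Escape every character that can terminate or alter a quoted attribute value.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Returns a normalized absolute URL, or null if the scheme is not allowed.
function checkImgSrc(untrusted) {
  let url;
  try {
    // The URL parser trims leading/trailing spaces, drops tabs and newlines,
    // and lowercases the scheme, so obfuscated schemes are seen as they resolve.
    url = new URL(untrusted, BASE);
  } catch {
    return null;
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Returns a tag with a quoted, escaped src, or "" when the URL is rejected.
function safeImgTag(untrusted) {
  const href = checkImgSrc(untrusted);
  return href === null ? "" : `<img src="${escapeAttr(href)}" alt="">`;
}

// Constructed inputs modelled on the snippets on this page.
const samples = [
  "javascript:alert('yo')",    // rejected: scheme not on the allowlist
  "  JaVaScRiPt:alert('yo')",  // rejected: same scheme after normalization
  "#' onerror=alert(1) x='",   // kept, but the quotes cannot close the attribute
  "somefile.js",               // kept: fetched as image data, never run as script
];
for (const s of samples) {
  console.log(JSON.stringify(s), "=>", safeImgTag(s) || "(rejected)");
}
```

The scheme check alone does not stop the `onerror` case; that one is handled by always quoting the attribute and escaping quote characters in its value.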

Solution 3

Here you can find some XSS attack vectors: http://ha.ckers.org/xss.html

Author: Matthew


Updated on July 05, 2022

Comments

  • Matthew
    Matthew almost 2 years

    Some older browsers are vulnerable to XSS attacks as such

    <img src="javascript:alert('yo')" />
    

    Current versions of IE, FF, Chrome are not.

    I am curious if any browsers are vulnerable to a similar attack:

    <img src="somefile.js" />
    

    or

    <iframe src="somefile.js" />
    

    or other similar where somefile.js contains some malicious script.