About Data Protocol in Browser

sla.ckers.org is
ha.ckers sla.cking

Q and A for any cross site scripting information. Feel free to ask away.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

About Data Protocol in Browser

Posted by: Nonove

Date: September 26, 2009 10:25AM

I encountered a problem about the data protocol.

Yesterday,I read the paper Browser_Hijacking_Techniques_2009.
The paper lists some XSS PoC about Data Protocol.
I tried the PoC,but failed.It didn't work.

IE8 supports the data protocol.
Also the examples didn't work.

Need some help, here.
Thanks!!!

the paper url:http://www.xssed.com/article/29/Browser_Hijacking_Techniques_2009/
IE8 data protocol: http://msdn.microsoft.com/en-us/library/cc848897(VS.85).aspx

Edited 1 time(s). Last edit at 09/26/2009 10:41AM by Nonove.

Options: Reply•Quote

Re: About Data Protocol in Browser

Posted by: thornmaker

Date: September 26, 2009 11:38AM

the msdn page you link to says:

Quote

For security reasons, data URIs are restricted to downloaded resources. Data URIs cannot be used for navigation, for scripting, or to populate frame or iframe elements.

Options: Reply•Quote

Re: About Data Protocol in Browser

Posted by: Nonove

Date: September 26, 2009 08:39PM

@thornmaker.
Thanks! actually, I missed the passage.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login