Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
XSS via "data:" in "a" tag ideas?
Posted by: mjmorrell
Date: January 31, 2011 01:27PM

http://en.wikipedia.org/wiki/Data_URI_scheme

I am able to insert an <a href="data: ..."> into a page that I am trying to find a vulnerability on.


The page filters out the words and "base64"&"text/html" so my only options are to figure out a way to run javascript via a different MIME type.

HTML filters pick up any nasty code I could try to put in there that isn't obfuscated.

I have thought about PDF to run the javascript via something like this:

<a href="data:application/pdf,nasty pdf code with javascript goes here">

but not sure if that is possible. Any ideas?



Edited 2 time(s). Last edit at 01/31/2011 01:33PM by mjmorrell.

Re: XSS via "data:" in "a" tag ideas?
Posted by: Gareth Heyes
Date: January 31, 2011 01:31PM

data:text/xml,<html xmlns="http://www.w3.org/1999/xhtml"><script>alert(1)</script></html>

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: XSS via "data:" in "a" tag ideas?
Posted by: Anonymous User
Date: January 31, 2011 05:05PM

FF3 allows omitting the content type:

data:x,<h1>hello</h1>

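The two replies above get past a filter that blocks the strings "base64" and "text/html" because that filter matches words rather than the URL scheme. As an added example (not code from the thread; the function names are hypothetical and the blocklist is an assumed reconstruction of the filter described in the question), this compares that blocklist with a scheme allowlist applied to the decoded href value:

```javascript
// Added example: scheme allowlist for link targets (hypothetical helper names).
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Word blocklist as described in the question (assumed behaviour, for comparison).
function blocklistAllows(href) {
  const lower = href.toLowerCase();
  return !lower.includes("base64") && !lower.includes("text/html");
}

// Returns the lowercase scheme, or null for a relative reference.
// Mirrors URL-parser preprocessing: trim C0 controls/space, drop tab/CR/LF.
function extractScheme(href) {
  const cleaned = href
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Input is the attribute value after HTML entity decoding (assumption).
// Anything with a scheme outside the allowlist is rejected, whatever its MIME type.
function allowlistAllows(href) {
  const scheme = extractScheme(href);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Sample hrefs: the two data: URIs are the ones quoted in this thread,
// the remaining entries are constructed benign links.
const samples = [
  'data:text/xml,<html xmlns="http://www.w3.org/1999/xhtml"><script>alert(1)</script></html>',
  "data:x,<h1>hello</h1>",
  "\tHTTPS://example.com/page",
  "/relative/path?x=1",
];

function compare(hrefs) {
  return hrefs.map((h) => ({
    href: h,
    blocklist: blocklistAllows(h),
    allowlist: allowlistAllows(h),
  }));
}

for (const r of compare(samples)) {
  console.log(r.blocklist ? "pass" : "drop", r.allowlist ? "pass" : "drop", JSON.stringify(r.href));
}
```

Both data: URIs from the thread pass the word blocklist and are dropped by the allowlist, while the http(s) and relative links pass both.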
Re: XSS via "data:" in "a" tag ideas?
Posted by: mjmorrell
Date: July 04, 2011 09:51PM

Thanks for the suggestions, guys.



Edited 5 time(s). Last edit at 07/05/2011 01:41AM by mjmorrell.
