  1. #1

    JavaScript XSS on img tag

    Hi,

    I was looking at this article about cross-site attacks:

    https://www.owasp.org/index.php/XSS_...ript_directive

    There are many examples like
    HTML Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Untitled Document</title>
    </head>
    
    <body>
    <IMG SRC="javascript:alert('XSS');">
    <img src="javascript:alert('XSS');" alt="" />
    </body>
    </html>
    But both image tags don't open any alert box.

    I just want to check safety against XSS attacks

    vineet

  2. #2
    Pullo
    Hi,

    Most modern browsers are clever enough to block stuff like this, if you just make a web page and include this in the body.
    I'm no expert, but one real danger of XSS is when you are accepting user input and doing something with it on the server side.
    If you want to check out a site which is intentionally vulnerable to XSS, visit: http://www.insecurelabs.org/
    For example, go to the talks page and try typing <script>alert("Hello");</script> into the search field.
    This might be worth looking at, too: http://www.insecurelabs.org/Task
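
The server-side risk described in the reply above, as an added example that is not part of the original thread and is not code from insecurelabs.org. The function names and the example.com URL are hypothetical; the sketch puts a search page that reflects input as markup beside one that encodes it, plus a scheme allowlist for user-supplied image URLs like the `javascript:` one in the question.

```javascript
// Added example; all names here are hypothetical.

// Escape the characters that let text break out of HTML element content
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the search term is concatenated into the page as markup.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the search term is encoded, so the browser displays it as text.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Escaping alone does not help with URL attributes, because "javascript:"
// contains no HTML special characters. Parse the value and allow only
// absolute http(s) URLs; parsing normalises the scheme before the check.
function safeImageTag(userUrl) {
  let parsed;
  try {
    parsed = new URL(userUrl); // throws on relative or malformed input
  } catch {
    return '';
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return '';
  return `<img src="${escapeHtml(parsed.href)}" alt="">`;
}

// Constructed sample input: the search string from the reply and the
// image source from the question.
const samplePayload = '<script>alert("Hello");</script>';
console.log(renderSearchVulnerable(samplePayload)); // raw tag reaches the page
console.log(renderSearchSafe(samplePayload));       // tag is shown as text
console.log(JSON.stringify(safeImageTag("javascript:alert('XSS');"))); // ""
```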

