amaik

Reputation: 162

Scope of Javascript inside src attribute of image

I have to do an XSS attack for a security-related university project. I want to store an image that has malicious code inside its source attribute. However, it seems that I don't have access to any JavaScript objects from the src attribute.

Here are some things I tried:

<img src="j&#X41vascript:alert('XSS')">

Throws: Reference Error alert is not defined.

<img src="j&#X41vascript:window.alert('XSS')">

Throws: Reference Error window is not defined

<img src="j&#X41vascript:var x = new XMLHttpRequest();">

Throws: Reference Error XMLHttpRequest is not defined

What is the problem here, and how can I access the main window of the site and the objects I want to access?

EDIT: Onerror and all the other events are filtered.

Upvotes: 1

Views: 785

Answers (1)

Denys Séguret

Reputation: 382132

The src isn't executed, so that won't work.

A solution would be to use onerror:

<img src="wrong" onerror="alert('XSS')">

Depending on how your src attribute is injected, you may be able to pass this value:

wrong" onerror="alert('XSS')

But no decent framework is vulnerable to that kind of attack.

Upvotes: 2
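
The attribute breakout mentioned in the answer, seen from the rendering side, as an added example that is not part of the original post: the same value is placed into an img tag once by plain concatenation and once with attribute escaping. All function names are hypothetical, and `attributeNames` is a small illustration helper for these single-tag strings, not an HTML parser.

```javascript
// Added example: the value quoted in the answer, rendered two ways.

// Vulnerable: the value is concatenated into the attribute unescaped,
// so a double quote in the value ends the src attribute early.
function renderImgNaive(src) {
  return '<img src="' + src + '">';
}

// Escape the characters that can close a quoted attribute or start markup.
// '&' is replaced first so the entities produced below are not re-escaped.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hardened: the attribute is always quoted and the value always escaped.
function renderImgSafe(src) {
  return '<img src="' + escapeAttr(src) + '">';
}

// Lists the double-quoted attributes found in one of the tags built above.
function attributeNames(tag) {
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

const payload = 'wrong" onerror="alert(\'XSS\')'; // value quoted in the answer

console.log(renderImgNaive(payload));                 // two attributes in the tag
console.log(attributeNames(renderImgNaive(payload))); // src and onerror
console.log(renderImgSafe(payload));                  // one attribute, quotes encoded
console.log(attributeNames(renderImgSafe(payload)));  // src only
```

With escaping in place the whole value stays inside src, which is the behaviour the answer attributes to any decent framework.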
