Some older browsers are vulnerable to XSS attacks such as:
<img src="javascript:alert('yo')" />
Current versions of IE, FF, Chrome are not.
I am curious if any browsers are vulnerable to a similar attack:
<img src="somefile.js" />
or
<iframe src="somefile.js" />
or other similar where somefile.js contains some malicious script.
In a cross-site scripting (XSS) attack, the attacker uses your vulnerable web page to deliver malicious JavaScript to your user. The user's browser executes this malicious JavaScript on the user's computer. Note that about one in three websites is vulnerable to cross-site scripting.
Definition and Usage: The src property sets or returns the value of the src attribute of an image. The required src attribute specifies the URL of an image. Note: The src property can be changed at any time.
The img src stands for image source, which is used to specify the source of an image in the HTML <img> tag.
To carry out a cross-site scripting attack, an attacker injects a malicious script into user-provided input. Attackers can also carry out an attack by modifying a request. If the web app is vulnerable to XSS attacks, the user-supplied input executes as code.
All major browsers are still vulnerable to these attacks. Tons of ways of using img tags are still around. For example:
<img src='#' onerror=alert(1) />
Look for RSnake's XSS cheatsheet; those are just some vectors. By the way, I've heard he's coming up with a new version of his cheatsheet soon.
No. Image data is never executed as JavaScript. If the src is a JavaScript link, the JavaScript is executed, but the fundamental reading of data that comes from a request to the src does not involve JavaScript.
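A defensive counterpart to the vectors discussed above, as an added example that is not part of the original question or answers: an allowlist filter for `<img>` attributes that rejects any `src` whose scheme is not HTTP(S) and drops event-handler attributes such as `onerror`. The function names, the attribute allowlist and the `https://example.invalid/` base are assumptions made for illustration.

```javascript
// Added example: allowlist filter for <img> attributes (not from the original posts).
// BASE is a constructed placeholder origin used only to resolve relative URLs.
const BASE = "https://example.invalid/";
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const ALLOWED_ATTRS = new Set(["src", "alt", "width", "height", "title"]);

// Returns true only if the URL resolves to an allowed scheme.
// The WHATWG URL parser strips tabs/newlines and leading control characters,
// so "java\tscript:" and " JavaScript:" are classified the way a browser would.
function isSafeImageUrl(value) {
  let url;
  try {
    url = new URL(String(value), BASE);
  } catch {
    return false; // unparseable: reject rather than guess
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Takes attribute name/value pairs (as produced by an HTML parser) and
// returns only those that are safe to emit on an <img> element.
function sanitizeImgAttributes(attrs) {
  const safe = {};
  for (const [rawName, value] of Object.entries(attrs)) {
    const name = rawName.toLowerCase();
    if (!ALLOWED_ATTRS.has(name)) continue; // drops onerror, onload, style, ...
    if (name === "src" && !isSafeImageUrl(value)) continue;
    safe[name] = String(value);
  }
  return safe;
}

// Constructed sample inputs mirroring the vectors quoted on this page.
const samples = [
  { src: "javascript:alert('yo')" },
  { src: "#", onerror: "alert(1)" },
  { src: "somefile.js", alt: "logo" },
  { src: " Java\tScript:alert(1)" },
];
const results = samples.map(sanitizeImgAttributes);
console.log(results);
```

The relative `somefile.js` source is kept because, as the last answer notes, data fetched for an image is never executed as JavaScript; only the scheme of the URL and the presence of event-handler attributes matter here.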