XSS attack with javascript in img src attribute

18
votes

Some older browsers are vulnerable to XSS attacks as such

<img src="javascript:alert('yo')" />

Current versions of IE, FF, Chrome are not.

I am curious if any browsers are vulnerable to a similar attack:

<img src="somefile.js" />

or

<iframe src="somefile.js" />

or other similar where somefile.js contains some malicious script.

3
xsssecurity
How about "try and see for yourself"?Piskvor left the building
I did with modern versions of IE, FF and Chrome. Don't have any older browsers so that's why I was asking.Matthew

3 Answers

48
votes

All major browsers are still vulnerable to these attacks. Tons of ways of using img tags are still around.. For example...

<img src='#' onerror=alert(1) />

Look for RSnake's xss cheatsheet, those are just some vectors. By the way, I've heard he's coming up with a new version of his cheatsheet soon.

5
votes

No. Image data is never executed as JavaScript. The if the src is a JavaScript link, the JavaScript is executed, but the fundamental reading of data that comes from a request to the src does not involve JavaScript.

1
votes

here you can find some XSS attacking vector http://ha.ckers.org/xss.html