[spoiler][b]Do not remove these notices[/b] [quote=eehjhay]Due to Major Forum Clean-up, some old topics related to linkers will be moved to [url=http://theftalk.com/f52-Archives.html]Archive[/u
You are viewing a post by xavierkym. View all 5004 posts in [spoiler][b]Do not remove these notices[/b] [quote=eehjhay]Due to Major Forum Clean-up, some old topics related to linkers will be moved to [url=http://theftalk.com/f52-Archives.html]Archive[/u.
2008-09-17 18:23:44
- xavierkym
- » FTalkFreak
1651
0
1969-12-31
Re: [spoiler][b]Do not remove these notices[/b] [quote=eehjhay]Due to Major Forum Clean-up, some old topics related to linkers will be moved to [url=http://theftalk.com/f52-Archives.html]Archive[/u
onerror is actually the old fashion way of catching an error in a webpage caused by some Javascript error. Since onerror can handle a function, it can be used as an XSS Vector just like what we are doing right now. Apparently, most browsers can read this function and it is therefore a cross-browser XSS Vector.
onerror can work in img tag, script tag or a tag. Because onerror can handle functions and stuffs like that, we can use createElement to insert a new tag, well in this case a script tag (to load our JS Codes).
Actually, we shouldn't be bothered about this. 
Last edited by xavierkym (2008-09-17 18:24:04)
 |