[spoiler][b]Do not remove these notices[/b] [quote=eehjhay]Due to Major Forum Clean-up, some old topics related to linkers will be moved to [url=http://theftalk.com/f52-Archives.html]Archive[/u
You are viewing a post by Uchihanuke. View all 5004 posts in [spoiler][b]Do not remove these notices[/b] [quote=eehjhay]Due to Major Forum Clean-up, some old topics related to linkers will be moved to [url=http://theftalk.com/f52-Archives.html]Archive[/u.
2008-10-08 12:32:33
- Uchihanuke
- » n00b
13
0
1969-12-31
Re: [spoiler][b]Do not remove these notices[/b] [quote=eehjhay]Due to Major Forum Clean-up, some old topics related to linkers will be moved to [url=http://theftalk.com/f52-Archives.html]Archive[/u
[quote=bobcbar]Understand, did you see this post from xavier?
xavierkym wrote:
onerror is actually the old fashion way of catching an error in a webpage caused by some Javascript error. Since onerror can handle a function, it can be used as an XSS Vector just like what we are doing right now. Apparently, most browsers can read this function and it is therefore a cross-browser XSS Vector.
onerror can work in img tag, script tag or a tag. Because onerror can handle functions and stuffs like that, we can use createElement to insert a new tag, well in this case a script tag (to load our JS Codes).
Actually, we shouldn't be bothered about this.
Last edited by xavierkym (2008-09-17 17:24:04)[/quote]
now I understand....
thank yeah:lol:
 |