New XSS vector

By Gareth Heyes (@hackvertor)

Published 17 years 8 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read

Yes a XSS post again. I'm sorry :)

I've been having fun testing some really good filters (some of the best in the business IMO). I found a vector that isn't on rsnake's cheat sheet. Check it out:-

Only works on IE

Because IE treats the isindex element (a very old html element) as a input tag you can specify the same attributes and execute javascript.

Update...

Found another variation which is pretty cool:-

← Back to articles

New XSS vector

By Gareth Heyes (@hackvertor)

Published 17 years 8 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read

← Back to articles

Yes a XSS post again. I'm sorry :)

I've been having fun testing some really good filters (some of the best in the business IMO). I found a vector that isn't on rsnake's cheat sheet. Check it out:-

Only works on IE

Because IE treats the isindex element (a very old html element) as a input tag you can specify the same attributes and execute javascript.

Update...

Found another variation which is pretty cool:-

← Back to articles