Valid URL as a Potential XSS Vector


This would be my and your URL from now on:

http://xssplayground.net23.net/xss%22onmouseover=%22alert(1);%20imagefile.svg

by Ashar Javed
https://twitter.com/soaj1664ashar

You often read about the term „specially crafted URL“ while skimming through XSS literature. I think there is no such thing and this is the most abused/misused term in the literature.

https://twitter.com/soaj1664ashar/status/429913133050654720

The correct term might be „customized URL“, and the goal is to XSS a site with the help of this customized but valid URL. The customized URL is a valid URL and it is renderable in browsers. At the same time, if used, it has the potential to XSS a site.

Last night (this is how I spend weekends), I came across a site because I was looking for a live example where I can XSS a site with the help of a „customized URL“. I will not tell you the name because the XSS is still live, but just FYI, that site has a rank between 1400 and 1450 in the Alexa [1] ranking at the time of writing.

At one point in the site's functionality, the site asks me to provide a URL. Whenever a site asks me to provide a URL, I always input ...

javascript:alert(1) [JavaScript URI]

OR

data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+ [DATA URI]

In most cases, the above two work like a charm and easily XSS a site. Recently, I XSSed

[1] http://www.alexa.com/
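A defender's view of the three inputs quoted above, as an added example that is not part of the original article: a scheme allowlist stops the JavaScript and DATA URIs, but the customized http URL passes it, so the value must also be escaped for the HTML attribute it is written into. The function names, the img sink and the percent-decoding step in the vulnerable variant are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, unquote

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the feature only needs web links

# Inputs quoted in the article above.
JS_URI = "javascript:alert(1)"
DATA_URI = "data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+"
CUSTOM_URL = "http://xssplayground.net23.net/xss%22onmouseover=%22alert(1);%20imagefile.svg"


def scheme_allowed(url: str) -> bool:
    """Accept only absolute http(s) URLs that carry a host."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_unsafe(url: str) -> str:
    """Hypothetical vulnerable sink: percent-decodes, then concatenates."""
    return '<img src="' + unquote(url) + '">'


def render_safe(url: str) -> str:
    """Validate the scheme, keep the URL encoded, escape for the attribute."""
    if not scheme_allowed(url):
        raise ValueError("URL scheme not allowed")
    return '<img src="' + html.escape(url, quote=True) + '">'


def breaks_out_of_attribute(markup: str) -> bool:
    """True if the src value ended early, i.e. extra attributes were injected."""
    value_and_rest = markup.split('src="', 1)[1]
    return not value_and_rest.split('"', 1)[1].startswith(">")


if __name__ == "__main__":
    for candidate in (JS_URI, DATA_URI, CUSTOM_URL):
        print(scheme_allowed(candidate), candidate)
    print(render_unsafe(CUSTOM_URL))
    print(render_safe(CUSTOM_URL))
```

Scheme validation and output escaping cover different failures here: the first rejects non-web URI schemes, the second keeps a valid URL from terminating the attribute.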

