In some cases surfers turn off Javascript for security reasons. HTML has
limited scripting, in fact it has almost zero scripting capabilities.
Well, that is only true if one discards the FOR attribute on a label
element, part of form controls. I talked about this FOR attribute before and
how to use it to trick users into uploading files from their computer
secretly. Problem is, that mostly required Javascript. So I just thought
about that FOR attribute, and since it binds a label to another element, it
is in fact some sort of scripting, right? Or at least it's a kind of HTML
logic that can be triggered if a surfer does something on an element.

Turns out that it's possible to submit forms with it, without Javascript.
Useful if you're into CSRF and all that. So what I did was the following. I
made an HTML page and created a label. Inside the label I placed the BODY of
the page, containing HTML text or whatever. Now, interestingly, the LABEL and
its content are now the button itself through binding of the FOR attribute.
So that means that when you select text, or click inside the body, the
binding becomes active, and the instruction to submit a form is executed.

My only hope is that it doesn't create a binding between OBJECTS and LABELS,
as stated in the Forms RFC[1], where OBJECTS are also seen as control types
along with fields, buttons and other form items. That would mean that it
would be possible to activate OBJECTS through binding labels to them.

Label binding example:

<label for="action">
<body>

RFC 3092                   Etymology of "Foo"               1 April 2001

      When used in connection with `bar' it is generally traced to the
      WW II era Army slang acronym FUBAR (`Fucked Up Beyond All
      Repair'), later modified to foobar.  Early versions of the Jargon
      File [JARGON] interpreted this change as a post-war
      bowdlerization, but it now seems more likely that FUBAR was itself
      a derivative of `foo' perhaps influenced by German `furchtbar'
      (terrible) - `foobar' may actually have been the original form.

</body>
</label>
<form action="http://www.google.com" method="get">
<input type="submit" id="action" style="display:none;">
</form>
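As an added example (not code from the original post), here is a small scanner a defender might run over user-supplied HTML to flag exactly this construct: a label whose FOR attribute points at a submit control, with a note on whether that control is hidden. It uses only Python's standard html.parser; the sample markup is constructed for the demo and mirrors the layout above, with a placeholder form action.

```python
from html.parser import HTMLParser

# Control types whose activation submits the enclosing form.
SUBMIT_TYPES = {"submit", "image"}


class LabelBindingScanner(HTMLParser):
    """Records every <label for="..."> target and every form control with an id."""

    def __init__(self):
        super().__init__()
        self.label_targets = []   # ids referenced by label for= attributes
        self.controls = {}        # id -> (tag, type, is_hidden)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "label" and a.get("for"):
            self.label_targets.append(a["for"])
        elif tag in ("input", "button") and a.get("id"):
            # <button> defaults to type=submit, <input> to type=text.
            ctype = (a.get("type") or ("submit" if tag == "button" else "text")).lower()
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = ("display:none" in style or "visibility:hidden" in style
                      or "hidden" in a)
            self.controls[a["id"]] = (tag, ctype, hidden)


def find_label_submit_bindings(html):
    """Return labels whose for= target is a submit control, with a hidden flag.

    Resolution happens after the whole document is parsed, so a label that
    appears before its control (as in the post above) is still caught."""
    scanner = LabelBindingScanner()
    scanner.feed(html)
    findings = []
    for target in scanner.label_targets:
        ctrl = scanner.controls.get(target)
        if ctrl is not None and ctrl[1] in SUBMIT_TYPES:
            findings.append({"target": target, "hidden": ctrl[2]})
    return findings


# Constructed sample: label wrapping the body, hidden submit control after it.
SAMPLE_HTML = """
<label for="action"><body><p>Some innocent looking text.</p></body></label>
<form action="http://example.invalid/" method="get">
<input type="submit" id="action" style="display:none;">
</form>
<label for="name">Name</label><input type="text" id="name">
"""

if __name__ == "__main__":
    print(find_label_submit_bindings(SAMPLE_HTML))
```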



[1] http://www.w3.org/TR/html401/interact/forms.html#h-17.2.1

[Ph4nt0m] <http://www.ph4nt0m.org/>
[Ph4nt0m Security Team]
<http://blog.ph4nt0m.org/> [EMAIL PROTECTED]
Email: [EMAIL PROTECTED]
PingMe: <http://cn.pingme.messenger.yahoo.com/webchat/ajax_webchat.php?yid=hanqin_wuhq&sig=9ae1bbb1ae99009d8859e88e899ab2d1c2a17724>
=== V3ry G00d, V3ry Str0ng ===
=== Ultim4te H4cking ===
=== XPLOITZ ! ===
=== #_# ===
#If you brave,there is nothing you cannot achieve.#
