This site is soon to be deprecated by http://www.johnleitch.net

Tuesday, June 2, 2009

Getting The Most Out Of onmouseover - eBaumsWorld.com

By styling a vulnerable element, an inline onmouseover event can be made nearly as effective as onload. Setting the width and height CSS properties greatly increases the chance that a user hovers their mouse over the vulnerable element.



http://www.ebaumsworld.com/search/criteria="onmouseover="alert(0);

Prior to styling the control, the injected script runs only if the user hovers over the search input in the center of the screen.



http://www.ebaumsworld.com/search/criteria="style="width:999px;height:999px;"onmouseover="alert(0);

With more screen real estate taken up by the newly styled input, the chances of triggering the event are better.
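
The reflection described above, shown beside the output encoding that prevents it. This is an added example, not code from the original post or from the site; the input template, the value attribute and all function names are assumptions, and the two inputs are the criteria values from the URLs above.

```javascript
// Constructed inputs: the two criteria values taken from the URLs above.
const PLAIN = '"onmouseover="alert(0);';
const STYLED = '"style="width:999px;height:999px;"onmouseover="alert(0);';

// Assumed template (hypothetical): the search term is echoed into the
// value attribute of the search input with no output encoding.
function renderVulnerable(criteria) {
  return '<input type="text" name="criteria" value="' + criteria + '">';
}

// Encode for an HTML attribute value so quotes cannot end the attribute.
function encodeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderHardened(criteria) {
  return '<input type="text" name="criteria" value="' + encodeAttr(criteria) + '">';
}

// List attribute names of one tag. Enough for this demo, not a full HTML parser.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Attributes the template never emits: event handlers and inline style.
function injectedAttributes(tag) {
  return attributeNames(tag).filter((n) => n.startsWith('on') || n === 'style');
}

for (const [label, value] of [['plain', PLAIN], ['styled', STYLED]]) {
  console.log(label, 'vulnerable:', injectedAttributes(renderVulnerable(value)));
  console.log(label, 'hardened:  ', injectedAttributes(renderHardened(value)));
}
```

With encoding in place the whole criteria string stays inside the value attribute, so neither the style nor the event handler is parsed as an attribute. A Content Security Policy that disallows inline script also stops inline event handlers from running if an encoding step is missed.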
