Is XSS in canonical link possible? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)XSS triggered but chrome didn't show popup. What exactly was going on?Stored Cross-Site Scripting Without Parentheses or SpacesXSS using JSF**kA possible router XSS vulnerabilityDoubt Vulnerability XSSLink shortener that virtualizes link for reflected XSS?Is this XSS filter vulnerableIs it possible to perform a XSS attack in the title/subtitle of a webpage?How to stop JS from executing when passed in as a parameter to the URL? (no script tags)XSS using User Agent, Possible?How does OWASP ZAP find Reflected XSS?

How many time has Arya actually used Needle?

Can gravitational waves pass through a black hole?

Keyboard layout stuck into CZ_german no english layout after update, restore into original EN_us and EL_Gr ones

Understanding piped command in Gnu/Linux

Centre cell contents vertically

Did any compiler fully use 80-bit floating point?

Fit odd number of triplets in a measure?

Weaponising the Grasp-at-a-Distance spell

systemd and copy (/bin/cp): no such file or directory

Inverse square law not accurate for non-point masses?

Obtaining packet switch-port information via a mirrored port?

Flight departed from the gate 5 min before scheduled departure time. Refund options

Did John Wesley plagiarize Matthew Henry...?

Are there any irrational/transcendental numbers for which the distribution of decimal digits is not uniform?

By what mechanism was the 2017 General Election called?

Is it Possible to Dye Cloth/Leather with Blood?

Updates not showing on Software Updater?

Vertical ranges of Column Plots in 12

Does the main washing effect of soap come from foam?

Simple Line in LaTeX Help!

Does the Rock Gnome trait Artificer's Lore apply when you aren't proficient in History?

Twin's vs. Twins'

Find general formula for the terms

First paper to introduce the "principal-agent problem"



Is XSS in canonical link possible?



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)XSS triggered but chrome didn't show popup. What exactly was going on?Stored Cross-Site Scripting Without Parentheses or SpacesXSS using JSF**kA possible router XSS vulnerabilityDoubt Vulnerability XSSLink shortener that virtualizes link for reflected XSS?Is this XSS filter vulnerableIs it possible to perform a XSS attack in the title/subtitle of a webpage?How to stop JS from executing when passed in as a parameter to the URL? (no script tags)XSS using User Agent, Possible?How does OWASP ZAP find Reflected XSS?



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








13















During regular pentesting of my site I discovered that I can close double quotes in a canonical link tag and enter an onerror attribute with a simple javascript alert(1).



enter image description here



It is visible in source code but javascript did not execute.



enter image description here



I also tried with onload event but same result.



Is there a way an attacker can use different payload to execute javascript ?










share|improve this question



















  • 4





    How about a >?

    – Bergi
    Mar 24 at 21:40











  • @Bergi: Could you be more specific ?

    – Rahul
    Mar 25 at 6:54






  • 1





    You say that " is not properly escaped in the link tag attribute. Does it also accept > or < without transforming it to an entity reference?

    – Bergi
    Mar 25 at 7:18











  • @Bergi: No it does not. They are filtered out.

    – Rahul
    Mar 25 at 9:42

















13















During regular pentesting of my site I discovered that I can close double quotes in a canonical link tag and enter an onerror attribute with a simple javascript alert(1).



enter image description here



It is visible in source code but javascript did not execute.



enter image description here



I also tried with onload event but same result.



Is there a way an attacker can use different payload to execute javascript ?










share|improve this question



















  • 4





    How about a >?

    – Bergi
    Mar 24 at 21:40











  • @Bergi: Could you be more specific ?

    – Rahul
    Mar 25 at 6:54






  • 1





    You say that " is not properly escaped in the link tag attribute. Does it also accept > or < without transforming it to an entity reference?

    – Bergi
    Mar 25 at 7:18











  • @Bergi: No it does not. They are filtered out.

    – Rahul
    Mar 25 at 9:42













13












13








13


1






During regular pentesting of my site I discovered that I can close double quotes in a canonical link tag and enter an onerror attribute with a simple javascript alert(1).



enter image description here



It is visible in source code but javascript did not execute.



enter image description here



I also tried with onload event but same result.



Is there a way an attacker can use different payload to execute javascript ?










share|improve this question
















During regular pentesting of my site I discovered that I can close double quotes in a canonical link tag and enter an onerror attribute with a simple javascript alert(1).



enter image description here



It is visible in source code but javascript did not execute.



enter image description here



I also tried with onload event but same result.



Is there a way an attacker can use different payload to execute javascript ?







penetration-test xss






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 24 at 12:39







Rahul

















asked Mar 24 at 12:31









RahulRahul

191211




191211







  • 4





    How about a >?

    – Bergi
    Mar 24 at 21:40











  • @Bergi: Could you be more specific ?

    – Rahul
    Mar 25 at 6:54






  • 1





    You say that " is not properly escaped in the link tag attribute. Does it also accept > or < without transforming it to an entity reference?

    – Bergi
    Mar 25 at 7:18











  • @Bergi: No it does not. They are filtered out.

    – Rahul
    Mar 25 at 9:42












  • 4





    How about a >?

    – Bergi
    Mar 24 at 21:40











  • @Bergi: Could you be more specific ?

    – Rahul
    Mar 25 at 6:54






  • 1





    You say that " is not properly escaped in the link tag attribute. Does it also accept > or < without transforming it to an entity reference?

    – Bergi
    Mar 25 at 7:18











  • @Bergi: No it does not. They are filtered out.

    – Rahul
    Mar 25 at 9:42







4




4





How about a >?

– Bergi
Mar 24 at 21:40





How about a >?

– Bergi
Mar 24 at 21:40













@Bergi: Could you be more specific ?

– Rahul
Mar 25 at 6:54





@Bergi: Could you be more specific ?

– Rahul
Mar 25 at 6:54




1




1





You say that " is not properly escaped in the link tag attribute. Does it also accept > or < without transforming it to an entity reference?

– Bergi
Mar 25 at 7:18





You say that " is not properly escaped in the link tag attribute. Does it also accept > or < without transforming it to an entity reference?

– Bergi
Mar 25 at 7:18













@Bergi: No it does not. They are filtered out.

– Rahul
Mar 25 at 9:42





@Bergi: No it does not. They are filtered out.

– Rahul
Mar 25 at 9:42










1 Answer
1






active

oldest

votes


















12














You can use the same trick as can be used with hidden inputs:




<link rel="canonical" accesskey="X" onclick="alert(1)" />



On Linux, use ALT+SHIFT+X to trigger the payload. IMHO it's enough to report the issue and get it fixed, but it does require some unlikely user interaction.



Other than that, I see no way to exploit this in a modern browser without further code.



While the link tag supports the onload attribute, it only fires when something is successfully loaded, eg:



<link rel="stylesheet" href="http://localhost/test.css" onload="alert(1)">


If your injection were <link href="[user input]" rel="canonical">, then you could exploit it via http://somedomain/somecsssfile.css" rel="stylesheet" onload="alert(1).



The WHATWG spec defines that the first attribute must be used, so it is unlikely that any browser would use the second, so this will not work for your case.



I tried all other event attributes, and none trigger on a normal page load.



This blog post states that this would be exploitable under IE7 and IE8 by injecting a style attribute which then uses an expression to execute JavaScript.



If there is additional JavaScript code that insecurely processes elements, this might also become exploitable (see here for an interesting example).






share|improve this answer

























  • Thanks ! You saved my day. For Windows ALT + X works too. This could be chained with clickjacking (if present in website) to execute Javascript.

    – Rahul
    Mar 24 at 18:09











  • How to fix the issue then?

    – Nigel Fds
    Mar 25 at 0:56






  • 1





    @NigelFds: By filtering out characters like ", < and >.

    – Rahul
    Mar 25 at 6:56







  • 1





    @NigelFds Most - but not all - of the time, you'd want to HTML-encode relevant characters (', ", <, >) when echoing user input. As this is in a URL context, you could also URL-encode the data (see OWASP which also has a good overview of XSS prevention in other contexts, and when encoding of ', ", <, > is not enough).

    – tim
    Mar 25 at 8:56












Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205975%2fis-xss-in-canonical-link-possible%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









12














You can use the same trick as can be used with hidden inputs:




<link rel="canonical" accesskey="X" onclick="alert(1)" />



On Linux, use ALT+SHIFT+X to trigger the payload. IMHO it's enough to report the issue and get it fixed, but it does require some unlikely user interaction.



Other than that, I see no way to exploit this in a modern browser without further code.



While the link tag supports the onload attribute, it only fires when something is successfully loaded, eg:



<link rel="stylesheet" href="http://localhost/test.css" onload="alert(1)">


If your injection were <link href="[user input]" rel="canonical">, then you could exploit it via http://somedomain/somecsssfile.css" rel="stylesheet" onload="alert(1).



The WHATWG spec defines that the first attribute must be used, so it is unlikely that any browser would use the second, so this will not work for your case.



I tried all other event attributes, and none trigger on a normal page load.



This blog post states that this would be exploitable under IE7 and IE8 by injecting a style attribute which then uses an expression to execute JavaScript.



If there is additional JavaScript code that insecurely processes elements, this might also become exploitable (see here for an interesting example).






share|improve this answer

























  • Thanks ! You saved my day. For Windows ALT + X works too. This could be chained with clickjacking (if present in website) to execute Javascript.

    – Rahul
    Mar 24 at 18:09











  • How to fix the issue then?

    – Nigel Fds
    Mar 25 at 0:56






  • 1





    @NigelFds: By filtering out characters like ", < and >.

    – Rahul
    Mar 25 at 6:56







  • 1





    @NigelFds Most - but not all - of the time, you'd want to HTML-encode relevant characters (', ", <, >) when echoing user input. As this is in a URL context, you could also URL-encode the data (see OWASP which also has a good overview of XSS prevention in other contexts, and when encoding of ', ", <, > is not enough).

    – tim
    Mar 25 at 8:56
















12














You can use the same trick as can be used with hidden inputs:




<link rel="canonical" accesskey="X" onclick="alert(1)" />



On Linux, use ALT+SHIFT+X to trigger the payload. IMHO it's enough to report the issue and get it fixed, but it does require some unlikely user interaction.



Other than that, I see no way to exploit this in a modern browser without further code.



While the link tag supports the onload attribute, it only fires when something is successfully loaded, eg:



<link rel="stylesheet" href="http://localhost/test.css" onload="alert(1)">


If your injection were <link href="[user input]" rel="canonical">, then you could exploit it via http://somedomain/somecsssfile.css" rel="stylesheet" onload="alert(1).



The WHATWG spec defines that the first attribute must be used, so it is unlikely that any browser would use the second, so this will not work for your case.



I tried all other event attributes, and none trigger on a normal page load.



This blog post states that this would be exploitable under IE7 and IE8 by injecting a style attribute which then uses an expression to execute JavaScript.



If there is additional JavaScript code that insecurely processes elements, this might also become exploitable (see here for an interesting example).






share|improve this answer

























  • Thanks ! You saved my day. For Windows ALT + X works too. This could be chained with clickjacking (if present in website) to execute Javascript.

    – Rahul
    Mar 24 at 18:09











  • How to fix the issue then?

    – Nigel Fds
    Mar 25 at 0:56






  • 1





    @NigelFds: By filtering out characters like ", < and >.

    – Rahul
    Mar 25 at 6:56







  • 1





    @NigelFds Most - but not all - of the time, you'd want to HTML-encode relevant characters (', ", <, >) when echoing user input. As this is in a URL context, you could also URL-encode the data (see OWASP which also has a good overview of XSS prevention in other contexts, and when encoding of ', ", <, > is not enough).

    – tim
    Mar 25 at 8:56














12












12








12







You can use the same trick as can be used with hidden inputs:




<link rel="canonical" accesskey="X" onclick="alert(1)" />



On Linux, use ALT+SHIFT+X to trigger the payload. IMHO it's enough to report the issue and get it fixed, but it does require some unlikely user interaction.



Other than that, I see no way to exploit this in a modern browser without further code.



While the link tag supports the onload attribute, it only fires when something is successfully loaded, eg:



<link rel="stylesheet" href="http://localhost/test.css" onload="alert(1)">


If your injection were <link href="[user input]" rel="canonical">, then you could exploit it via http://somedomain/somecsssfile.css" rel="stylesheet" onload="alert(1).



The WHATWG spec defines that the first attribute must be used, so it is unlikely that any browser would use the second, so this will not work for your case.



I tried all other event attributes, and none trigger on a normal page load.



This blog post states that this would be exploitable under IE7 and IE8 by injecting a style attribute which then uses an expression to execute JavaScript.



If there is additional JavaScript code that insecurely processes elements, this might also become exploitable (see here for an interesting example).






share|improve this answer















You can use the same trick as can be used with hidden inputs:




<link rel="canonical" accesskey="X" onclick="alert(1)" />



On Linux, use ALT+SHIFT+X to trigger the payload. IMHO it's enough to report the issue and get it fixed, but it does require some unlikely user interaction.



Other than that, I see no way to exploit this in a modern browser without further code.



While the link tag supports the onload attribute, it only fires when something is successfully loaded, eg:



<link rel="stylesheet" href="http://localhost/test.css" onload="alert(1)">


If your injection were <link href="[user input]" rel="canonical">, then you could exploit it via http://somedomain/somecsssfile.css" rel="stylesheet" onload="alert(1).



The WHATWG spec defines that the first attribute must be used, so it is unlikely that any browser would use the second, so this will not work for your case.



I tried all other event attributes, and none trigger on a normal page load.



This blog post states that this would be exploitable under IE7 and IE8 by injecting a style attribute which then uses an expression to execute JavaScript.



If there is additional JavaScript code that insecurely processes elements, this might also become exploitable (see here for an interesting example).







share|improve this answer














share|improve this answer



share|improve this answer








edited Mar 24 at 21:50

























answered Mar 24 at 15:46









timtim

24.9k674103




24.9k674103












  • Thanks ! You saved my day. For Windows ALT + X works too. This could be chained with clickjacking (if present in website) to execute Javascript.

    – Rahul
    Mar 24 at 18:09











  • How to fix the issue then?

    – Nigel Fds
    Mar 25 at 0:56






  • 1





    @NigelFds: By filtering out characters like ", < and >.

    – Rahul
    Mar 25 at 6:56







  • 1





    @NigelFds Most - but not all - of the time, you'd want to HTML-encode relevant characters (', ", <, >) when echoing user input. As this is in a URL context, you could also URL-encode the data (see OWASP which also has a good overview of XSS prevention in other contexts, and when encoding of ', ", <, > is not enough).

    – tim
    Mar 25 at 8:56


















  • Thanks ! You saved my day. For Windows ALT + X works too. This could be chained with clickjacking (if present in website) to execute Javascript.

    – Rahul
    Mar 24 at 18:09











  • How to fix the issue then?

    – Nigel Fds
    Mar 25 at 0:56






  • 1





    @NigelFds: By filtering out characters like ", < and >.

    – Rahul
    Mar 25 at 6:56







  • 1





    @NigelFds Most - but not all - of the time, you'd want to HTML-encode relevant characters (', ", <, >) when echoing user input. As this is in a URL context, you could also URL-encode the data (see OWASP which also has a good overview of XSS prevention in other contexts, and when encoding of ', ", <, > is not enough).

    – tim
    Mar 25 at 8:56

















Thanks ! You saved my day. For Windows ALT + X works too. This could be chained with clickjacking (if present in website) to execute Javascript.

– Rahul
Mar 24 at 18:09





Thanks ! You saved my day. For Windows ALT + X works too. This could be chained with clickjacking (if present in website) to execute Javascript.

– Rahul
Mar 24 at 18:09













How to fix the issue then?

– Nigel Fds
Mar 25 at 0:56





How to fix the issue then?

– Nigel Fds
Mar 25 at 0:56




1




1





@NigelFds: By filtering out characters like ", < and >.

– Rahul
Mar 25 at 6:56






@NigelFds: By filtering out characters like ", < and >.

– Rahul
Mar 25 at 6:56





1




1





@NigelFds Most - but not all - of the time, you'd want to HTML-encode relevant characters (', ", <, >) when echoing user input. As this is in a URL context, you could also URL-encode the data (see OWASP which also has a good overview of XSS prevention in other contexts, and when encoding of ', ", <, > is not enough).

– tim
Mar 25 at 8:56






@NigelFds Most - but not all - of the time, you'd want to HTML-encode relevant characters (', ", <, >) when echoing user input. As this is in a URL context, you could also URL-encode the data (see OWASP which also has a good overview of XSS prevention in other contexts, and when encoding of ', ", <, > is not enough).

– tim
Mar 25 at 8:56


















draft saved

draft discarded
















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205975%2fis-xss-in-canonical-link-possible%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Færeyskur hestur Heimild | Tengill | Tilvísanir | LeiðsagnarvalRossið - síða um færeyska hrossið á færeyskuGott ár hjá færeyska hestinum

He _____ here since 1970 . Answer needed [closed]What does “since he was so high” mean?Meaning of “catch birds for”?How do I ensure “since” takes the meaning I want?“Who cares here” meaningWhat does “right round toward” mean?the time tense (had now been detected)What does the phrase “ring around the roses” mean here?Correct usage of “visited upon”Meaning of “foiled rail sabotage bid”It was the third time I had gone to Rome or It is the third time I had been to Rome

Slayer Innehåll Historia | Stil, komposition och lyrik | Bandets betydelse och framgångar | Sidoprojekt och samarbeten | Kontroverser | Medlemmar | Utmärkelser och nomineringar | Turnéer och festivaler | Diskografi | Referenser | Externa länkar | Navigeringsmenywww.slayer.net”Metal Massacre vol. 1””Metal Massacre vol. 3””Metal Massacre Volume III””Show No Mercy””Haunting the Chapel””Live Undead””Hell Awaits””Reign in Blood””Reign in Blood””Gold & Platinum – Reign in Blood””Golden Gods Awards Winners”originalet”Kerrang! Hall Of Fame””Slayer Looks Back On 37-Year Career In New Video Series: Part Two””South of Heaven””Gold & Platinum – South of Heaven””Seasons in the Abyss””Gold & Platinum - Seasons in the Abyss””Divine Intervention””Divine Intervention - Release group by Slayer””Gold & Platinum - Divine Intervention””Live Intrusion””Undisputed Attitude””Abolish Government/Superficial Love””Release “Slatanic Slaughter: A Tribute to Slayer” by Various Artists””Diabolus in Musica””Soundtrack to the Apocalypse””God Hates Us All””Systematic - Relationships””War at the Warfield””Gold & Platinum - War at the Warfield””Soundtrack to the Apocalypse””Gold & Platinum - Still Reigning””Metallica, Slayer, Iron Mauden Among Winners At Metal Hammer Awards””Eternal Pyre””Eternal Pyre - Slayer release group””Eternal Pyre””Metal Storm Awards 2006””Kerrang! Hall Of Fame””Slayer Wins 'Best Metal' Grammy Award””Slayer Guitarist Jeff Hanneman Dies””Bullet-For My Valentine booed at Metal Hammer Golden Gods Awards””Unholy Aliance””The End Of Slayer?””Slayer: We Could Thrash Out Two More Albums If We're Fast Enough...””'The Unholy Alliance: Chapter III' UK Dates Added”originalet”Megadeth And Slayer To Co-Headline 'Canadian Carnage' Trek”originalet”World Painted Blood””Release “World Painted Blood” by Slayer””Metallica Heading To Cinemas””Slayer, Megadeth To Join Forces For 'European Carnage' Tour - Dec. 18, 2010”originalet”Slayer's Hanneman Contracts Acute Infection; Band To Bring In Guest Guitarist””Cannibal Corpse's Pat O'Brien Will Step In As Slayer's Guest Guitarist”originalet”Slayer’s Jeff Hanneman Dead at 49””Dave Lombardo Says He Made Only $67,000 In 2011 While Touring With Slayer””Slayer: We Do Not Agree With Dave Lombardo's Substance Or Timeline Of Events””Slayer Welcomes Drummer Paul Bostaph Back To The Fold””Slayer Hope to Unveil Never-Before-Heard Jeff Hanneman Material on Next Album””Slayer Debut New Song 'Implode' During Surprise Golden Gods Appearance””Release group Repentless by Slayer””Repentless - Slayer - Credits””Slayer””Metal Storm Awards 2015””Slayer - to release comic book "Repentless #1"””Slayer To Release 'Repentless' 6.66" Vinyl Box Set””BREAKING NEWS: Slayer Announce Farewell Tour””Slayer Recruit Lamb of God, Anthrax, Behemoth + Testament for Final Tour””Slayer lägger ner efter 37 år””Slayer Announces Second North American Leg Of 'Final' Tour””Final World Tour””Slayer Announces Final European Tour With Lamb of God, Anthrax And Obituary””Slayer To Tour Europe With Lamb of God, Anthrax And Obituary””Slayer To Play 'Last French Show Ever' At Next Year's Hellfst””Slayer's Final World Tour Will Extend Into 2019””Death Angel's Rob Cavestany On Slayer's 'Farewell' Tour: 'Some Of Us Could See This Coming'””Testament Has No Plans To Retire Anytime Soon, Says Chuck Billy””Anthrax's Scott Ian On Slayer's 'Farewell' Tour Plans: 'I Was Surprised And I Wasn't Surprised'””Slayer””Slayer's Morbid Schlock””Review/Rock; For Slayer, the Mania Is the Message””Slayer - Biography””Slayer - Reign In Blood”originalet”Dave Lombardo””An exclusive oral history of Slayer”originalet”Exclusive! Interview With Slayer Guitarist Jeff Hanneman”originalet”Thinking Out Loud: Slayer's Kerry King on hair metal, Satan and being polite””Slayer Lyrics””Slayer - Biography””Most influential artists for extreme metal music””Slayer - Reign in Blood””Slayer guitarist Jeff Hanneman dies aged 49””Slatanic Slaughter: A Tribute to Slayer””Gateway to Hell: A Tribute to Slayer””Covered In Blood””Slayer: The Origins of Thrash in San Francisco, CA.””Why They Rule - #6 Slayer”originalet”Guitar World's 100 Greatest Heavy Metal Guitarists Of All Time”originalet”The fans have spoken: Slayer comes out on top in readers' polls”originalet”Tribute to Jeff Hanneman (1964-2013)””Lamb Of God Frontman: We Sound Like A Slayer Rip-Off””BEHEMOTH Frontman Pays Tribute To SLAYER's JEFF HANNEMAN””Slayer, Hatebreed Doing Double Duty On This Year's Ozzfest””System of a Down””Lacuna Coil’s Andrea Ferro Talks Influences, Skateboarding, Band Origins + More””Slayer - Reign in Blood””Into The Lungs of Hell””Slayer rules - en utställning om fans””Slayer and Their Fans Slashed Through a No-Holds-Barred Night at Gas Monkey””Home””Slayer””Gold & Platinum - The Big 4 Live from Sofia, Bulgaria””Exclusive! Interview With Slayer Guitarist Kerry King””2008-02-23: Wiltern, Los Angeles, CA, USA””Slayer's Kerry King To Perform With Megadeth Tonight! - Oct. 21, 2010”originalet”Dave Lombardo - Biography”Slayer Case DismissedArkiveradUltimate Classic Rock: Slayer guitarist Jeff Hanneman dead at 49.”Slayer: "We could never do any thing like Some Kind Of Monster..."””Cannibal Corpse'S Pat O'Brien Will Step In As Slayer'S Guest Guitarist | The Official Slayer Site”originalet”Slayer Wins 'Best Metal' Grammy Award””Slayer Guitarist Jeff Hanneman Dies””Kerrang! Awards 2006 Blog: Kerrang! Hall Of Fame””Kerrang! Awards 2013: Kerrang! Legend”originalet”Metallica, Slayer, Iron Maien Among Winners At Metal Hammer Awards””Metal Hammer Golden Gods Awards””Bullet For My Valentine Booed At Metal Hammer Golden Gods Awards””Metal Storm Awards 2006””Metal Storm Awards 2015””Slayer's Concert History””Slayer - Relationships””Slayer - Releases”Slayers officiella webbplatsSlayer på MusicBrainzOfficiell webbplatsSlayerSlayerr1373445760000 0001 1540 47353068615-5086262726cb13906545x(data)6033143kn20030215029