Hi there all, i haven't showed myself lately and I hope my english is readable grammar isn't one of my strongest points ;p but I came up with something wich might already has been used or already has been tought about. Anyway I don't know so I just trow it here to see wether I get some response :). its about the iFrame bursting thing. How well can this be used the bad way? I know it is used to burst out of iframe inclusion. so for example, we get a user to enter a xss hole in any form normaly if we want to keep controll over that person it is likely to setup an iframe and cover up the whole page so no one notice it. tho the problem here is that still in the url bar the path if the user is moving to another page dosn't change.. well we could actually transfer our "shell/payload" into the iframe and with it we could send the iframeburst wich will lead to the actual page so also the user url page is changed. i'm also researching crossdomain option. but i recently started this so i don't have that mutch info about it. did anyone already came up with such a technique? yours spoof http://sla.ckers.org/forum/read.php?2,34599,34599#msg-34599 Tue, 21 May 2013 20:51:36 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?2,34599,34643#msg-34643 http://sla.ckers.org/forum/read.php?2,34599,34643#msg-34643 in some cases i'm sure it would be if you are able, like for example a page where you already know that a presistend xss bug exists in that case you can just post it to that page afther that you can let it explode the frame.



@ ne0139.

that isn't exactly what i was talking about.
Its more like exploiting the frame bursting code rather then stopping the frame burst. The thing i'm trying to get accomplished is to let the frame burst afther i injected code to the desired page, so the URL bar is getting update wich would be great for stealth ofcourse alot of people would not get suspicous if they see in the URL bar www.somesite.com/page1 even tho they clicked a link to /page2.
anyway it would be alot nicer if there where actually standing /page2
that why they could never see unless they know the source code and see that it is diffrent then usual.. even so it's hard to know for common i-net users.]]> SpoofGhost XSS Info Sun, 06 Jun 2010 17:20:07 -0500 http://sla.ckers.org/forum/read.php?2,34599,34627#msg-34627 http://sla.ckers.org/forum/read.php?2,34599,34627#msg-34627
At least for me, it is the owner of the page that put the frame burst code in his own page, so (among other things) this make difficult for the attacker to execute a propper and silent xss. Because if that page is loaded inside an iframe, the browser will burst out of the iframe before execute the actual js code you injected. Check my other thread here in this forum I had exactly that problem. I found javascript codes for anti bursting, they work, but after the execution of the javascript anti bursting code, the loading of the page gets aborted, so its not useful for xss.]]> Neo139 XSS Info Fri, 04 Jun 2010 16:22:44 -0500 http://sla.ckers.org/forum/read.php?2,34599,34601#msg-34601 http://sla.ckers.org/forum/read.php?2,34599,34601#msg-34601 PaPPy XSS Info Tue, 01 Jun 2010 18:53:26 -0500 http://sla.ckers.org/forum/read.php?2,34599,34600#msg-34600 http://sla.ckers.org/forum/read.php?2,34599,34600#msg-34600
i don't think it is possible becouse you have to inject code into another site wich you do not have acces to. wich is a good thing ofcourse.

i'm still testing tho]]> SpoofGhost XSS Info Tue, 01 Jun 2010 16:34:57 -0500 http://sla.ckers.org/forum/read.php?2,34599,34599#msg-34599 http://sla.ckers.org/forum/read.php?2,34599,34599#msg-34599
i haven't showed myself lately

and I hope my english is readable grammar isn't one of my strongest points ;p

but I came up with something wich might already has been used or
already has been tought about.
Anyway I don't know so I just trow it here to see wether I get some response :).

its about the iFrame bursting thing.

How well can this be used the bad way? I know it is used to burst out of iframe
inclusion.

so for example, we get a user to enter a xss hole in any form normaly if we want to keep controll over that person it is likely to setup an iframe and cover up the whole page so no one notice it.

tho the problem here is that still in the url bar the path if the user is moving to another page dosn't change..

well we could actually transfer our "shell/payload" into the iframe and with it we could send the iframeburst wich will lead to the actual page so also the user url page is changed.

i'm also researching crossdomain option. but i recently started this so i don't have that mutch info about it.

did anyone already came up with such a technique?


yours spoof]]> SpoofGhost XSS Info Tue, 01 Jun 2010 16:17:39 -0500