Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Cross domain script injection
Posted by: Fetch
Date: May 27, 2011 09:01PM

Hello,

Recently I came across a site that seems to have found a way to cause modal popups to get generated on domains (other than their own) by having the other domains include this single script tag:

<script src="http://ips-invite.iperceptions.com/webValidator.aspx?sdfc=5eee1f8c-52481-a0d314bd-9ae2-4304-a3f1-d97f21899083&lID=1&loc=STUDY&cD=90
&rF=True&iType=1&domainname=0"
type="text/javascript" defer="defer" >
</script>

It's just a crappy survey popup. But, I've been trying to figure out how this is done and am stumped. The closest I could get to something similar was JSONP - but that is clearly not what they are doing.

Does anyone know how this is done?
Thanks!

Options: ReplyQuote
Re: Cross domain script injection
Posted by: Skyphire
Date: June 04, 2011 01:54AM

Can you post the sites? kinda hard to tell from this alone.

Options: ReplyQuote


Sorry, only registered users may post in this forum.