Cross domain script injection

sla.ckers.org is
ha.ckers sla.cking

Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Cross domain script injection

Posted by: Fetch

Date: May 27, 2011 09:01PM

Hello,

Recently I came across a site that seems to have found a way to cause modal popups to get generated on domains (other than their own) by having the other domains include this single script tag:

<script src="http://ips-invite.iperceptions.com/webValidator.aspx?sdfc=5eee1f8c-52481-a0d314bd-9ae2-4304-a3f1-d97f21899083&lID=1&loc=STUDY&cD=90
&rF=True&iType=1&domainname=0"
type="text/javascript" defer="defer" >
</script>

It's just a crappy survey popup. But, I've been trying to figure out how this is done and am stumped. The closest I could get to something similar was JSONP - but that is clearly not what they are doing.

Does anyone know how this is done?
Thanks!

Options: Reply•Quote

Re: Cross domain script injection

Posted by: Skyphire

Date: June 04, 2011 01:54AM

Can you post the sites? kinda hard to tell from this alone.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login