Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Iframe bursting
Posted by: SpoofGhost
Date: June 01, 2010 04:17PM

Hi there all,

i haven't showed myself lately

and I hope my english is readable grammar isn't one of my strongest points ;p

but I came up with something wich might already has been used or
already has been tought about.
Anyway I don't know so I just trow it here to see wether I get some response :).

its about the iFrame bursting thing.

How well can this be used the bad way? I know it is used to burst out of iframe
inclusion.

so for example, we get a user to enter a xss hole in any form normaly if we want to keep controll over that person it is likely to setup an iframe and cover up the whole page so no one notice it.

tho the problem here is that still in the url bar the path if the user is moving to another page dosn't change..

well we could actually transfer our "shell/payload" into the iframe and with it we could send the iframeburst wich will lead to the actual page so also the user url page is changed.

i'm also researching crossdomain option. but i recently started this so i don't have that mutch info about it.

did anyone already came up with such a technique?


yours spoof

Options: ReplyQuote
Re: Iframe bursting
Posted by: SpoofGhost
Date: June 01, 2010 04:34PM

about the cross domain thing.

i don't think it is possible becouse you have to inject code into another site wich you do not have acces to. wich is a good thing ofcourse.

i'm still testing tho



Edited 1 time(s). Last edit at 06/01/2010 04:59PM by SpoofGhost.

Options: ReplyQuote
Re: Iframe bursting
Posted by: PaPPy
Date: June 01, 2010 06:53PM

What about beef?

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: Iframe bursting
Posted by: Neo139
Date: June 04, 2010 04:22PM

If you have found xss in a page, you could use frame bursting code to redirect the person to your page.

At least for me, it is the owner of the page that put the frame burst code in his own page, so (among other things) this make difficult for the attacker to execute a propper and silent xss. Because if that page is loaded inside an iframe, the browser will burst out of the iframe before execute the actual js code you injected. Check my other thread here in this forum I had exactly that problem. I found javascript codes for anti bursting, they work, but after the execution of the javascript anti bursting code, the loading of the page gets aborted, so its not useful for xss.

Options: ReplyQuote
Re: Iframe bursting
Posted by: SpoofGhost
Date: June 06, 2010 05:20PM

@ pappy, not sure if they use such a technique and i'm also not quite sure if i can mange to work. but if i do it would be quite a flaw. at first i tought it would work but that seems not the case so i have to figuere out if it is possible at all.
in some cases i'm sure it would be if you are able, like for example a page where you already know that a presistend xss bug exists in that case you can just post it to that page afther that you can let it explode the frame.



@ ne0139.

that isn't exactly what i was talking about.
Its more like exploiting the frame bursting code rather then stopping the frame burst. The thing i'm trying to get accomplished is to let the frame burst afther i injected code to the desired page, so the URL bar is getting update wich would be great for stealth ofcourse alot of people would not get suspicous if they see in the URL bar www.somesite.com/page1 even tho they clicked a link to /page2.
anyway it would be alot nicer if there where actually standing /page2
that why they could never see unless they know the source code and see that it is diffrent then usual.. even so it's hard to know for common i-net users.

Options: ReplyQuote


Sorry, only registered users may post in this forum.