sla.ckers.org is ha.ckers sla.cking
Access the value of a form from an iframe pointing offsite?
Posted by: bubbles
Date: December 05, 2007 01:37AM

So I have a page, that has an iframe that points to an offsite page. I don't want to submit the form or anything, just access the value of a input field in it.

Here's my code (it's sloppy, my JS is weak):

function lol() {
    var iframe = document.getElementById("fbframe");
    // contentDocument is only readable when the frame is same-origin;
    // for an offsite frame it is null and contentWindow.document throws a SecurityError
    var iframeDoc = iframe.contentDocument || iframe.contentWindow.document;
    var F = iframeDoc.forms;   // all forms in the framed document
    var s = "", j, i, f;
    for (j = 0; j < F.length; ++j) {
        f = F[j];
        // walk the form's controls and collect password fields
        for (i = 0; i < f.length; ++i) {
            if (f[i].type.toLowerCase() == "password")
                s += f[i].value + "\n";
        }
    }
    if (s)
        alert("Passwords in forms on this page:\n\n" + s);
    else
        alert("There are no passwords in forms on this page.");
}

I'm trying to make a PoC based off this:

I read somewhere that it wasn't possible, but I didn't understand why. Then I was reading 0x000000 and the Firefox frame spoof, but it looks like that was patched.

Any ideas?


Edited 2 time(s). Last edit at 12/05/2007 01:38AM by bubbles.

Re: Access the value of a form from an iframe pointing offsite?
Date: December 07, 2007 11:44AM

In most (if not all) browsers you will not be able to retrieve the content of the INPUT field on an IFRAME pointing to a third-party domain as this violates the same origin policy. You can however hook the IFRAME to log keystrokes placed in it, but I imagine this would not help your situation.

Awesome AnDrEw - That's The Sound Of Your Brain Crackin'

Re: Access the value of a form from an iframe pointing offsite?
Posted by: wrayal
Date: December 07, 2007 09:11PM

1) I suspect in "var iframeForm = iframDoc.forms;" you meant iframeDoc.forms on the RHS
2) This is specifically prevented unfortunately; otherwise there would be a lot of easy hacks (I mean, get them to visit *any* link with an XSS, or simply your own site, and you could steal anything you wanted), so it's blocked as it's unsafe.
This is why XSS exploits are so valuable in particular domains. Say you found one in gmail.google.com for example! Same origin, so you could steal all of someone's gmail data. Equally, find an exploit in a website with a login box....

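The same-origin check both replies refer to, as an added example that is not code from the thread or from any poster. It shows the comparison the browser makes (scheme, host and port must all match) and what bubbles' lol() actually observes on an offsite frame: contentDocument comes back null and reading contentWindow.document throws a DOMException named "SecurityError". The hostnames and the two stand-in iframe objects are constructed so the probe can be run outside a browser; in a page you would pass the real element from document.getElementById("fbframe").

```javascript
// Added example, not from the thread: the same-origin policy as it applies to
// script access to an <iframe>'s document.

// Same-origin check as the browser applies it: scheme, host and port must all
// match. URL.origin normalises default ports, so "https://a.example:443" and
// "https://a.example" compare equal. Hostnames used below are constructed.
function isSameOrigin(parentUrl, frameUrl) {
  return new URL(parentUrl).origin === new URL(frameUrl).origin;
}

// Probe an <iframe> element for script access to its document. For a
// cross-origin frame, contentDocument is null and reading
// contentWindow.document throws a DOMException named "SecurityError"; for a
// same-origin frame both succeed and the forms collection is readable.
function frameAccessStatus(iframe) {
  try {
    const doc = iframe.contentDocument || iframe.contentWindow.document;
    return { readable: true, formCount: doc.forms.length };
  } catch (e) {
    return { readable: false, reason: e.name };
  }
}

// Constructed stand-ins for iframe elements so the probe runs outside a
// browser; they mimic the observable behaviour described above.
function makeSameOriginFrame(formCount) {
  const doc = { forms: { length: formCount } };
  return { contentDocument: doc, contentWindow: { document: doc } };
}

function makeCrossOriginFrame() {
  return {
    contentDocument: null,
    contentWindow: {
      get document() {
        const err = new Error("Blocked a frame from accessing a cross-origin frame.");
        err.name = "SecurityError";
        throw err;
      }
    }
  };
}

// Example run: one same-origin widget frame, one offsite login frame
// (both URLs constructed). Returns one status record per frame.
function demo() {
  const parent = "https://blog.example/page.html";
  return [
    ["https://blog.example/widget.html", makeSameOriginFrame(1)],
    ["https://social.example/login", makeCrossOriginFrame()]
  ].map(([frameUrl, frame]) => ({
    frameUrl,
    sameOrigin: isSameOrigin(parent, frameUrl),
    access: frameAccessStatus(frame)
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The practical consequence is the one wrayal draws: the check is on origin, not on page, so the only way for a script to reach the framed document's form values is to already be running in that document's origin, which is exactly what an XSS on that origin provides. A page that legitimately needs data from a frame on another origin has to get it through postMessage, with the receiver checking event.origin against an allow-list before trusting anything.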
