Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

How to parse the utilization of iFrame injection

2025-01-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/01 Report--

This article shows you how to analyze the use of iFrame injection, the content is concise and easy to understand, it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

IFrame injection is a very common cross-site scripting attack. It includes one or more iframe codes that have been inserted into the page or article content, or generally download an executable program or perform other actions to make the site visitor's computer compromise. At best, Google may mark the site as "malicious". In the worst case, site owners and visitors end up using malware-infected computers.

IFrame injection occurs when an iFrame on a fragile web page displays another web page through a user-controllable input.

GET/search.jsp?query=%3Ciframe%20src=%22 https://google.com/?%22%3E%3C/iframe%3E HTTP/1.1

Different browsers use different payload:

(IE) (Firefox, Chrome, Safari)

A variety of uses are as follows:

(IE) (IE) (Firefox, Chrome, Safari) (Firefox, Chrome, Safari) http://target.com/something.jsp?query=eval(location.hash.slice(1))#alert(1)

Accepting user-supplied data as the iframe source URL may cause malicious content to be loaded in the Visualforce page.

IFrame spoofing vulnerabilities occur in the following situations:

1. Data enters the web application through untrusted sources.

2. The data is used as an iframe URL without validation.

In this way, if an attacker provides the victim with an iframesrc parameter set as a malicious Web site, the framework will be rendered along with the content of the malicious Web site.

The above is how to analyze the use of iFrame injection. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Content malicious website situation data web pages differences skills articles methods users knowledge programs attacks concise bad fragile concise code logo vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MariaDB Shulou Information NVidia macOS vpn Microsoft OPPO Reno Docker Xiaomi Shulou Technology Apple Huawei Linux Redmi Shulou Tech Info MySQL MariaDB Shulou Information NVidia macOS vpn Microsoft OPPO Reno Docker Xiaomi Shulou Technology Apple Huawei Linux Redmi Shulou Tech Info MySQL

Share To

Related

Internet Technology

More Internet Technology >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report