possibility on xss via iframe
Say you have a website where you can inject iframes due to non-sanitized
input. Let's name this site the following:
http://www.vulnerable.com
Now we have a hosted page on:
http://www.page.com/page.html
`page.html` contains javascript code used to make an alert box.
Now is it possible to somehow break out of the iframe injected into
http://www.vulnerable.com and launch the javascript code on
http://www.vulnerable.com instead of it just being launched from
http://www.page.com? The typical iframe code in this case would be:
<iframe src="http://www.page.com/page.html" width="1" height="1"></iframe>
Thanks to anyone who can help.
No comments:
Post a Comment