Iframe injection is a very common cross-site scripting attack. Iframes use multiple tags to display HTML documents on web pages and redirect users to different web addresses. This behavior allows 3rd parties to inject malicious executables, viruses, or worms into your application and execute them on users' devices.

We can find iframe injections by scanning the HTML that your web server sends. All you need to do is open a page in your browser and then enable the "view source" feature to see the HTML.

It appears to be a common and relevant code for this site. If you decode it using the JavaScript decoding function, the output will look like this:

#wp / GPL

Again, it appears to be legit because the attacker has used the terms "GPL" and "wp" and the language type "Javascript". However, the digits and letters appear to be HEX. So next, we can use a hex decoder to decode it, and the final output will look like below.

So, suppose you find an iframe in your HTML and realize that it's something not put there by you. In that case, it's important to investigate it and eliminate it from the website or database as soon as possible.

If we consider the social networking platforms, they allow users and developers to incorporate third-party web pages into their fan pages and other apps using iframes. Attackers often exploit this feature by using these incorporated iframes for phishing attacks. By default, content from an iframe can trigger top-level navigation.
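
The manual "view source" check described above can be automated. The following is an added example, not code from the original article: it parses the HTML a server returns and reports every iframe that points at an unexpected host, is hidden, or is left free to navigate the top-level window. The allowlist, the sample page and the names `IframeAudit` and `audit` are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site embeds on purpose (constructed for the example).
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}


class IframeAudit(HTMLParser):
    """Collect every <iframe> together with the reasons it deserves a closer look."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = urlparse(src).hostname or ""
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if host and host not in self.allowed_hosts:
            reasons.append("unexpected host " + host)
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden or 1px frame")
        if "sandbox" not in a:
            reasons.append("no sandbox: framed page can navigate the top window")
        elif "allow-top-navigation" in a["sandbox"].split():
            reasons.append("sandbox grants allow-top-navigation")
        if reasons:
            self.findings.append((src, reasons))


def audit(html, allowed_hosts=ALLOWED_HOSTS):
    parser = IframeAudit(allowed_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample page: one intended embed, one frame nobody added on purpose.
SAMPLE = """
<iframe src="https://www.youtube.com/embed/abc" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="http://unknown.example/x.php" width="1" height="1" style="visibility: hidden"></iframe>
"""

if __name__ == "__main__":
    for src, reasons in audit(SAMPLE):
        print(src, "->", "; ".join(reasons))
```

A static scan like this only sees iframes present in the markup; a frame written at runtime by an encoded script, like the one decoded above, still has to be found by reviewing the script itself.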