[Javascript] Get iframe html

Discuss the many weaknesses of browser security and ways to mitigate the threat

Re: [Javascript] Get iframe html

Post by TheJjokerR on Fri May 20, 2011 3:58 pm
([msg=57621]see Re: [Javascript] Get iframe html[/msg])

Goatboy wrote:
TheJjokerR wrote:The site I'm trying to exploit ...

Careful now.


"It's my own site"

"Why are there quotes around my posts?"

Anyways, I'll just use a bookmark to get the information needed and send it through an iframe.
TheJjokerR
New User
New User
 
Posts: 6
Joined: Fri May 20, 2011 1:21 am
Blog: View Blog (0)


Re: [Javascript] Get iframe html

Post by Gamemania on Sat May 21, 2011 3:14 am
([msg=57631]see Re: [Javascript] Get iframe html[/msg])

TheJjokerR wrote:
Gamemania wrote:That would be plainly impossible
Because if that was possible, every user's account on every site would be hacked by just embbeding an iframe and steal the frame's information


Ok, well it wouldn't get everyones account hacked, seeing how you wouldn't be able to see the password anywhere.


You forgot document.cookie?
And the fact that 9/10 of those sites that need password usually have a profile page that displays most information you need to hack someone's account

On to topic
If you want to remain a session, search up the cookie for something like PHPSESSID, that should get you what you need
But if you want someone else's session, that's not the approach you are looking for
Gamemania
New User
New User
 
Posts: 4
Joined: Tue May 17, 2011 3:43 am
Blog: View Blog (0)


Re: [Javascript] Get iframe html

Post by errk on Mon Aug 08, 2011 7:33 pm
([msg=60689]see Re: [Javascript] Get iframe html[/msg])

Gamemania wrote:You forgot document.cookie?


document.cookie will only work if he can get a XSS working. However, I don't think that's the case here. From my understanding (correct me if I'm wrong), Joker wants to get the user to visit a third party site, and get the third party site to iframe the victim site, then read into the iframe. This is not possible to do in any browsers because it violates the Same Origin Policy (the basis of web security).
errk
New User
New User
 
Posts: 2
Joined: Mon Aug 08, 2011 7:17 pm
Blog: View Blog (0)


Re: [Javascript] Get iframe html

Post by tremor77 on Tue Aug 09, 2011 1:49 pm
([msg=60714]see Re: [Javascript] Get iframe html[/msg])

Why are you trying to use an Iframe in the first place? You could use standard frames and set frame target names... or you could import the page data using a php include. Ultimately the best approach would be to try use some sort of CURL page grab - I'm thinking about a PHP class I was writing (and lost somewhere) that worked as a proxy login to HTS (it was marginally effective - i never polished it off - my original intent was to use it to dictionary attack my own account). Still chances are what you're trying to do is not possible.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 862
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Previous

Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests