Multiple Browsers Frame Injection Vulnerability Test
Frame Injection Vulnerability "History":
1998-12-01 - Initially reported around December 1998 in most browsers.
2004-06-30 - Internet Explorer vulnerability re-discovered.
2004-07-01 - Multiple Browsers vulnerability re-discovered.
2005-06-06 - Mozilla / FireFox vulnerability re-discovered again.
2005-06-06 - Camino vulnerability re-discovered again.
Test Your Browser
1) Open a trusted site; this could be a bank, an e-commerce site, Windows Update, etc. In this example, we have used Microsoft Developer Network. First, click the link below and leave the new window open, then switch back to this window.
Click Here:
http://msdn.microsoft.com/library/default.asp
Please note, for this example to work in Opera, the browser has to identify itself as "Mozilla" or "Internet Explorer", because "msdn.microsoft.com" will not return the same content if Opera identifies itself as Opera.
2) After the other window has been opened, it is possible for another site to inject a page into the "trusted" site's frameset. In our example, we inject content from Secunia.com into Microsoft.com.
Click Here:
Inject Secunia.com into Microsoft.com
3) Now, open the window from Microsoft.com (opened in step 1). If your browser is vulnerable, content from Secunia will be displayed in one of the frames.
NOTES:
This test does not work in Mozilla, FireFox, and Camino when opening the web pages in a new tab instead of a window.
Exploitation can easily be made "automatic". However, since this example only serves as a test to give users an understanding of how it works, we have chosen not to do so.
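As an added illustration (not part of the original test page and not any browser's code), the following JavaScript models the decision a browser makes when one window asks to navigate a frame that belongs to another window. The `ctx` objects, the `*.example` origins and the simplified `restrictedPolicy` rule are assumptions made for this example.

```javascript
// Toy model of browsing contexts (constructed; not browser code).
// parent links a frame to its container; opener links a window to the
// window that opened it.
function ctx(origin, { parent = null, opener = null } = {}) {
  return { origin, parent, opener };
}

// Behaviour the test above detects: any window may navigate any frame.
function permissivePolicy(source, target) {
  return true;
}

// Simplified restriction (assumed for illustration): navigation is allowed
// only if the source is the target, shares an origin with the target or one
// of its ancestors, or opened the target as a top-level window.
function restrictedPolicy(source, target) {
  if (source === target) return true;
  for (let c = target; c !== null; c = c.parent) {
    if (c.origin === source.origin) return true;
  }
  return target.parent === null && target.opener === source;
}

// Constructed scenario mirroring steps 1-3: the test page opens a trusted
// frameset in a new window, then asks to load its own page into one frame.
function scenario() {
  const tester = ctx("https://tester.example");
  const trustedTop = ctx("https://trusted.example", { opener: tester });
  const contentFrame = ctx("https://trusted.example", { parent: trustedTop });
  return {
    legacyInjection: permissivePolicy(tester, contentFrame),
    restrictedInjection: restrictedPolicy(tester, contentFrame),
    ownFrameNavigation: restrictedPolicy(trustedTop, contentFrame),
    openerNavigatesTop: restrictedPolicy(tester, trustedTop),
  };
}

console.log(scenario());
```

Under the restricted rule the trusted site can still navigate its own frames, and the opener can still replace the whole window (which changes the address bar), but it cannot silently swap the content of a single frame inside the trusted frameset.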