Monday, July 30, 2012

Exploiting Iframe Vulnerability

Web developers use inline frames (iframes) when they want to embed an HTML document within another HTML document. Unfortunately, iframes have a vulnerability which can be exploited. According to WhatIs.techtarget.com, "In early 2008, hackers seeded Internet search results with malicious IFrame code, leading to IFrame overlay attacks on many prominent websites, including those for USA Today and ABC News. The attackers inserted IFrame code into the saved search results of legitimate websites. When a visitor clicked on a link from the compromised search tool, he would be redirected to a malicious website by the IFrame code. The unsuspecting user's computer would then be vulnerable to the automatic download of malware."


Our friends over at ehacking.net have illustrated how to exploit an iframe vulnerability; here's a sneak peek:




<iframe src="http://www.ehacking.net"></iframe>

The above statement shows how to display another website within a website.

Example 2:

<iframe src='http://ehacking.net/' width='500' height='600' style='visibility: hidden;'></iframe>





The width and height of the iframe have been defined, but since the frame's visibility is hidden, there is no physical presence of Infosec Institute's website. Attackers do not use this technique because the frame still occupies the area (width and height).

<iframe src='http://ehacking.net/' width='1' height='1' style='visibility: hidden;'></iframe>

Now it is completely hidden from the user’s eye, but the iframe is working as normal. Look at the picture below.
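A defender's check for the pattern above, as an added example that is not part of the original post or the ehacking.net article: a Python scanner that parses page source and flags iframes that are hidden or shrunk to a pixel or two. The 2-pixel threshold, the extra display:none check (a generalization beyond the variants shown here), the function names, and the sample page are assumptions made for the illustration.

```python
from html.parser import HTMLParser
import re

def _px(value):
    """Return the integer from '1' or '1px'; None for '100%', 'auto', or missing."""
    m = re.fullmatch(r"\s*(\d+)(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None

def _style_map(style):
    """Parse an inline style attribute into {property: value}, lowercased."""
    pairs = (d.split(":", 1) for d in (style or "").split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class HiddenIframeFinder(HTMLParser):
    """Collect iframes that are invisible or too small to be noticed."""
    def __init__(self, max_px=2):
        super().__init__()
        self.max_px = max_px      # assumed threshold for "too small to see"
        self.findings = []        # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        css = _style_map(a.get("style"))
        reasons = [f"{p}:{v}" for p, v in (("visibility", "hidden"), ("display", "none"))
                   if css.get(p) == v]
        for dim in ("width", "height"):
            size = _px(css.get(dim) or a.get(dim))  # inline CSS overrides the attribute
            if size is not None and size <= self.max_px:
                reasons.append(f"{dim}<={self.max_px}px")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def find_hidden_iframes(html, max_px=2):
    """Return [(src, reasons)] for every suspicious iframe in the page source."""
    finder = HiddenIframeFinder(max_px)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page reusing the three iframe variants shown in this post.
SAMPLE = """
<iframe src="http://www.ehacking.net"></iframe>
<iframe src='http://ehacking.net/' width='500' height='600' style='visibility: hidden;'></iframe>
<iframe src='http://ehacking.net/' width='1' height='1' style='visibility: hidden;'></iframe>
"""

if __name__ == "__main__":
    for src, reasons in find_hidden_iframes(SAMPLE):
        print(src, reasons)
```

Running a check like this over stored content (saved search results, templates, user-submitted HTML) surfaces injected frames; it only sees static markup, so frames added by script at load time need a rendered-DOM check instead.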





Click here to read the article in its entirety.

@ITSecPr0
