Feed on Posts or Comments | Font Size: Decrease Font Size Increase Font Size 28 November 2024

Filed under: Phishing, Privacy, Security News, XSS
posted by D1m on 28 Mar 2007 03:59 am

Cross-Site Framed?

Have you heard of cross-site framing? The past few days I saw listed on our archive, several websites vulnerable to cross-site framing – listed as frame redirection. I will briefly describe a possible exploitation scenario, concluding with more emphasis on the negative impact that this type of vulnerability can have to the privacy of innocent individuals who are users of the affected websites.

Using google-dorks, the attackers can search for frame scripts allowing the inclusion of any url. This search reveals thousands of results with too many websites vulnerable to cross-site framing:

allinurl:”url=http” “frame”

inurl:frame filetype:asp  inurl:”url=”
inurl:frame filetype:aspx inurl:”url=”
inurl:frame filetype:php  inurl:”url=”
inurl:frame filetype:cfm  inurl:”url=”

inurl:iframe filetype:asp  inurl:”url=”
inurl:iframe filetype:aspx inurl:”url=”
inurl:iframe filetype:php  inurl:”url=”
inurl:iframe filetype:cfm  inurl:”url=”

allinurl:http frame.asp
allinurl:http frame.aspx
allinurl:http frame.php
allinurl:http frame.cfm

allinurl:frame.php?url=http
allinurl:frame.asp?url=http

Phishing and other scams are now easier to perform due to cross-site framing.
Having found such frame scripts, allows the attackers to include a webpage which is hosted somewhere else. This webpage can be designed to look like the original website and can be any cross-platform server-side script. It can contain a fake login form which on submit parses the inputted usernames and passwords and sends them to the attacker’s mailbox in cleartext format.

It is also possible to perform XSS attacks as in most cases there is no filtering of special characters, script or other common tags in the URL parameter.

Daniel Hugh mailed us about a cross-site framing and scripting vulnerability affecting Gov.MT (Official website of the Government of Malta):

Gov.MT with Frame Redirect and XSS

The XSS vulnerabilities affecting websites can also be used to perform frame redirects, but not the contrary. So if you submit a website vulnerable to cross-site framing along with a XSS attack vector, we will publish it as XSS.

The above news were written in order to heighten the awareness of potential privacy threats to users of the web.

You can also access this blog post  from XSSed.com – a project I run with Kevin Fernandez.

Here is the link:

http://www.xssed.com/news/26/Cross-site_framed/

Trackback This Post | Subscribe to the comments through RSS Feed

Leave a Comment