iFrame Injection

07 Feb 2018 Web-Pentesting


An iframe injection is an injection of one or more iframe tags into a page’s content. The iframe typically does something bad, such as downloading an executable application that contains a virus or worm in it… something that compromises a visitor’s system.
If you have a very recent browser (like Firefox 2) then iframe injections aren’t really a worry — these browsers are smart enough not to automatically download and run applications without your permission. But older browsers are more trusting.
Using this vulnerability we can manipulate and redirect the site to show the user what we want to show them.

More …