iFrame Injection


An iframe injection is the insertion of one or more iframe tags into a page’s content. The injected iframe typically does something bad, such as downloading an executable that contains a virus or worm, which compromises the visitor’s system.
If you have a very recent browser (like Firefox 2) then iframe injections aren’t really a worry — these browsers are smart enough not to automatically download and run applications without your permission. But older browsers are more trusting.
Using this vulnerability we can manipulate and redirect the site to show the user what we want to show them.

As you can see in the URL, the site is loading robots.txt, but if we put any site's URL there instead, the page will start showing that site's content.
Using this iframe injection vulnerability, we can control what content is shown to the victim, or get them to log in to a spoofed phishing site.
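The fix for the behaviour described above is to stop treating the URL parameter as a free-form frame source. The following is an added example, not code from the original post or the affected site: it assumes a hypothetical site origin, a fixed allowlist of frameable paths, and constructed sample inputs.

```javascript
// Added example: validate a user-supplied iframe source before rendering it.
// SITE_ORIGIN and ALLOWED_PATHS are assumed values chosen for illustration.
const SITE_ORIGIN = "https://app.example";
const ALLOWED_PATHS = new Set(["/robots.txt", "/help/index.html"]);

// Defence in depth: even if validation is bypassed, the browser refuses
// to load frames from any other origin when this header is sent.
const CSP_HEADER = "Content-Security-Policy: frame-src 'self'";

// Returns a same-origin, allowlisted path, or null if the value is rejected.
function validateFrameSrc(rawParam) {
  if (typeof rawParam !== "string" || rawParam.length === 0) return null;
  // Control characters and backslashes are normalised by URL parsers in
  // ways that can turn a "relative" value into a different host.
  if (/[\u0000-\u001f\\]/.test(rawParam)) return null;

  let resolved;
  try {
    // Resolve the way a browser would resolve the iframe src attribute.
    resolved = new URL(rawParam, SITE_ORIGIN + "/");
  } catch {
    return null;
  }
  // Absolute URLs, protocol-relative URLs and javascript:/data: schemes
  // all end up with an origin different from ours.
  if (resolved.origin !== SITE_ORIGIN) return null;
  if (resolved.username || resolved.password) return null;
  // Compare the normalised path, so "/help/../robots.txt" is judged
  // as "/robots.txt" rather than by its raw text.
  if (!ALLOWED_PATHS.has(resolved.pathname)) return null;
  return resolved.pathname; // query and fragment are dropped on purpose
}

// Constructed sample inputs covering the cases the page describes.
const samples = [
  "robots.txt",
  "https://other-site.example/login",
  "//other-site.example/",
  "javascript:alert(1)",
  "https://app.example@other-site.example/",
  "/admin/secret.html",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", validateFrameSrc(s));
}
```

Render the iframe only when `validateFrameSrc` returns a path, and send `CSP_HEADER` on the page that hosts the frame.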

~ Hack the World and Stay Noob
