I've been trying to break this up for a few hours now but with no success... I am pretty desperate now :(
I am doing penetration testing for a company and I need to bypass this frame killer JS:
<script type="text/javascript">/* <![CDATA[ */
if (top != self) {
    try {
        if (parent != top) {
            throw 1;
        }
        var disallowed = ['XXXXXXX'];
        var href = top.location.href.toLowerCase();
        for (var i = 0; i < disallowed.length; i++) {
            if (href.indexOf(disallowed[i]) >= 0) {
                throw 1;
            }
        }
    } catch (e) {
        try {
            window.document.getElementsByTagName('head')[0].innerHTML = '';
        } catch (e) { /* IE */
            var htmlEl = document.getElementsByTagName('html')[0];
            htmlEl.removeChild(document.getElementsByTagName('head')[0]);
            var el = document.createElement('head');
            htmlEl.appendChild(el);
        }
        window.document.body.innerHTML = '<a href="#" onclick="top.location.href=window.location.href" style="text-decoration:none;"><img src=".gif" style="border:0px;" /><br />Go to XXXXXXX</a>';
    }
}
/* ]]> */</script>
Thank you very much!
Asked Feb 19, 2012 at 13:35 by Gavriel Dorino; edited Feb 19, 2012 at 13:42 by Pointy.
Comments:
- Bro, you need to indent that code. I can't read that. – Roderick Obrist, Feb 19, 2012 at 13:38
- Ohh sorry... I thought it would auto-indent. I see now that Pointy did it for me. Thank you! – Gavriel Dorino, Feb 19, 2012 at 13:48
- They use a disallowed list and not an allowed list? That doesn't seem very secure. (Do you have permission to be posting this? A penetration test doesn't usually include sharing the code on the net.) – Jeanne Boyarsky, Mar 4, 2012 at 15:06
- I have changed the code a little and deleted their names. Anyway, similar code is published on the internet as a solution for clickjacking; they just modified it a little. So there is nothing secret here. – Gavriel Dorino, Mar 6, 2012 at 8:07
- The sandbox and security attributes can prevent this. – Paul Sweatte, Dec 29, 2012 at 1:26
1 Answer
Use one of the following:
- IP Address instead of domain name to bypass the disallowed list
- X-Frame-Options
- HTML5 sandbox
If the body element's node document's browsing context is a nested browsing context, and the browsing context container of that nested browsing context is a frame or iframe element, then the container frame element of the body element is that frame or iframe element. Otherwise, there is no container frame element.
The above requirements imply that a page can change the margins of another page (including one from another origin) using, for example, an iframe. This is potentially a security risk, as it might in some cases allow an attack to contrive a situation in which a page is rendered not as the author intended, possibly for the purposes of phishing or otherwise misleading the user.
References
- HTML5 Specification, Section 10: Rendering
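As an added example that is not part of the original question or answer: the defender's counterpart to the points raised above. Script-based frame killers like the one in the question can be silenced by an iframe `sandbox` attribute (without `allow-scripts` or `allow-top-navigation` the framed page can neither run the script nor assign `top.location`) and a hostname blocklist is sidestepped by framing via an IP address, whereas the `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` response headers are enforced by the browser before any page script runs. The function names `frameProtectionHeaders`, `withFrameProtection` and `demo`, and the origin `https://partner.example`, are this example's own assumptions.

```javascript
// Added example, not code from the question or the answer. Clickjacking
// protection as response headers, which the browser enforces regardless of
// what the framing page does to the framed document's scripts.

// Build the two headers. `allowedOrigins` lists origins permitted to frame
// the page in addition to the page's own origin; an empty list means "nobody".
function frameProtectionHeaders(allowedOrigins = []) {
  if (allowedOrigins.length === 0) {
    return {
      'X-Frame-Options': 'DENY',
      'Content-Security-Policy': "frame-ancestors 'none'",
    };
  }
  // X-Frame-Options cannot express an origin list (ALLOW-FROM never had wide
  // browser support), so the allow-list lives in CSP frame-ancestors. Browsers
  // that understand frame-ancestors ignore X-Frame-Options when both are
  // present; older ones fall back to SAMEORIGIN, the conservative side.
  const sources = ["'self'", ...allowedOrigins].join(' ');
  return {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': `frame-ancestors ${sources}`,
  };
}

// Wrap a Node-style (req, res) handler so every response carries the headers.
// Usable as http.createServer(withFrameProtection(handler)).
function withFrameProtection(handler, allowedOrigins = []) {
  const headers = frameProtectionHeaders(allowedOrigins);
  return function protectedHandler(req, res) {
    for (const [name, value] of Object.entries(headers)) {
      res.setHeader(name, value);
    }
    return handler(req, res);
  };
}

// Demo handler: a page that refuses to be framed by anyone.
const demoHandler = withFrameProtection((req, res) => {
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.end('<!doctype html><title>demo</title><p>Not frameable.</p>');
});

// Constructed stand-in for http.ServerResponse so the demo runs without a
// network: it only records the headers and body that were set.
function fakeResponse() {
  const headers = {};
  return {
    headers,
    body: '',
    setHeader(name, value) { headers[name] = value; },
    end(chunk = '') { this.body += chunk; },
  };
}

// Run the demo handler against the fake response and return the headers
// it would have sent.
function demo() {
  const res = fakeResponse();
  demoHandler({ url: '/' }, res);
  return res.headers;
}
```

For a real deployment pass `withFrameProtection(handler)` to `http.createServer` and call `.listen()`; the headers must be present on every HTML response, including error pages, because a single unprotected page is enough for a clickjacking overlay.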