Home page logo

pauldotcom logo PaulDotCom mailing list archives

iframe injection question
From: cmerkel at gmail.com (Chris Merkel)
Date: Thu, 4 Jun 2009 07:49:57 -0500

On Thu, Jun 4, 2009 at 1:57 AM,  <christopher.riley at r-it.at> wrote:
Sure, make the link point to an HTTPS site with a valid certificate, or use
XSS to insert your desired content into an existing (vulnerable) HTTPS site
of your choice.

I understand that - but assuming that's not an option - HTTP only on
the injected code - is there another way to do this? Not necessarily
through a plain iframe - are there any javascript, encoding tricks,
etc that would cause the browser not to recognize the mixed content?

- Chris

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]