mailing list archives
iframe injection question
From: cmerkel at gmail.com (Chris Merkel)
Date: Thu, 4 Jun 2009 07:49:57 -0500
On Thu, Jun 4, 2009 at 1:57 AM, <christopher.riley at r-it.at> wrote:
Sure, make the link point to an HTTPS site with a valid certificate, or use
XSS to insert your desired content into an existing (vulnerable) HTTPS site
of your choice.
I understand that - but assuming that's not an option - HTTP only on
the injected code - is there another way to do this? Not necessarily
etc that would cause the browser not to recognize the mixed content?