Home page logo

pauldotcom logo PaulDotCom mailing list archives

iframe injection question
From: christopher.riley at r-it.at (christopher.riley at r-it.at)
Date: Fri, 5 Jun 2009 15:14:01 +0200

Nothing malicious.... I think you're on the wrong mailinglist ;)

I'd try something like --> document.getElementById(id).innerHTML = "new
content text here..."; Although I'm not sure how this will interact with
the iframe. I'm not a programmer by any stretch of the imagination.

Let me know how it works out. I might give it a try if I get the time and
motivation over the weekend.


pauldotcom-bounces at mail.pauldotcom.com () inet wrote on 05.06.2009 14:46:12:

Just out of interest, what are you putting into the iframe ? BeEF ?
a malicous PDF etc ???

Nothing malicious to the end user - the system's end users are
development staff, so yeah, they would notice a modal box where there
wasn't one before.

I like the javascript idea - I'm going to see how that works out. If
I'm successful, I'll let you know.

- Chris
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR
0486809, UID ATU 16351908

Der Austausch von Nachrichten mit oben angefuehrtem Absender via E-Mail
dient ausschliesslich Informationszwecken. Rechtsgeschaeftliche
Erklaerungen duerfen ueber dieses Medium nicht ausgetauscht werden.
Correspondence with above mentioned sender via e-mail is only for
information purposes. This medium may not be used for exchange of
legally-binding communications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090605/ea024c7e/attachment.htm 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]