Comments on: Frame Injection Fun

By: JD

JD — Thu, 20 Jan 2011 14:52:44 +0000

Filtering is not the best defense against XSS and HTMLi. Encoding output is. Filtering must prevent all possible combinations of mallicious input. Encoding encodes all output. Encoding is simpler and covers more of the threat domain naturally.

By: .:[ d4 n3wS ]:. » Blog Archive » Frame injection PoC: gmail phishing..

.:[ d4 n3wS ]:. » Blog Archive » Frame injection PoC: gmail phishing.. — Wed, 25 Aug 2010 04:18:45 +0000

[...] Origine de l’article : http://www.gnucitizen.org/blog.....ction-fun/ [...]

By: What’s new in web hacking techniques of 2008

What’s new in web hacking techniques of 2008 — Tue, 09 Feb 2010 05:35:59 +0000

[...] Frame Injection Fun [...]

By: GigA: Todo es seguro ~~: iFrame Injection « El camello, el LeÃ³n y el niÃ±o. O la evoluciÃ³n del perro al lobo.

Mon, 06 Jul 2009 07:35:30 +0000

[...] Leer mÃ¡s. Mi comentario: La evoluciÃ³n de los sistemas es anÃ¡logo al de las especies. Solo sobreviven los fuertes. Con lo que redunda en mejores sistemas. Las vÃctimas solo son efectos colaterales de la evoluciÃ³n. Jo, menudo punto de vista, un tanto fascista creo que me ha salido. Lo voy a meditar [...]

By: Lightningã§Thunderbirdã«ToDoã‚„ã‚«ãƒ¬ãƒ³ãƒ€ãƒ¼ã‚’çµ±åˆã—ã‚ˆã† | my96soft-é›†åˆçŸ¥ã®ã™ã°ã‚‰ã—ã•ã‚’æ±‚ã‚ã¦-

Tue, 12 May 2009 09:44:05 +0000

[...] å®Ÿéš›ã«Gmailã®ãƒã‚°ã‚¤ãƒ³ç”»é¢ï¼ˆå½ï¼‰ä½œã‚ŠãŸã‹ã£ãŸã‚‰ã“ã¡ã‚‰ã®ã‚³ãƒ¼ãƒ‰ã‚’å‚è€ƒã«ä½œã£ã¦ã¿ã¦ã‚ˆã€‚ Frame Injection Fun | GNUCITIZEN [...]

By: p3lo

p3lo — Wed, 15 Apr 2009 15:20:19 +0000

I have worked to developp this technique, and i have constated that we can break the frame with:

if (top.frames.length!=0) top.location=self.document.location;

and

document.location="http://evil.foo/login.php";

The first script can be used to secure the page framed...

By: Le migliori tecniche di Web Hacking del 2008 | lonerunners.net

Le migliori tecniche di Web Hacking del 2008 | lonerunners.net — Sun, 15 Mar 2009 17:19:08 +0000

[...] Frame Injection Fun [...]

By: Heuristic Delta :: Top 70 Hacking Methods :: http://blogs.heuristicdelta.com

Heuristic Delta :: Top 70 Hacking Methods :: http://blogs.heuristicdelta.com — Wed, 25 Feb 2009 07:47:20 +0000

[...] Frame Injection Fun [...]

By: Submit Your Top Web Hacking Techniques for 2008 | GNUCITIZEN

Submit Your Top Web Hacking Techniques for 2008 | GNUCITIZEN — Fri, 30 Jan 2009 00:04:19 +0000

[...] Frame Injection Fun [...]

By: GUYA.NET » Blog Archive » Google Hackathon was hacked

GUYA.NET » Blog Archive » Google Hackathon was hacked — Wed, 05 Nov 2008 00:45:13 +0000

[...] I got was that I should report this somewhere in the GMail website. But, it’s already been reported, I [...]

By: Adrian 'pagvac' Pastor

Adrian 'pagvac' Pastor — Tue, 21 Oct 2008 07:07:13 +0000

@Chintan: this is a problem of semantics, we could talk about it forever. It doesn’t matter what you call it, the issue is still the same: you can insert third-party content while still showing mail.google.com in the address bar.

We did NOT come up with the term “frame injection” (just do a Google search), neither did we claim we came up with a new technique. The only reason why there has been some media interest is because Google is something everyone can relate to.

Thanks a lot for your feedback again btw.

By: Chintan

Chintan — Sun, 19 Oct 2008 16:32:33 +0000

@Adrian – I appreciate your explanation. But i still think an attacker is not adding any frame into victim’s page. I think it can be termed as url redirection via frames.

The reason the address bar reflects new url in a traditional url redirection attack is because the redirection is direct one (i.e. @page level).

Since in this case the the functionality of the frame is to load an external url- which is abused to load an arbitrary page inside that frame, it will never show up in address bar (not even for the legitimate page).

I repeat, an attacker is not injecting any frame into victim’s webpage. Only the content of the existing frame changes as the domain is not restricted. Then how can one call it frame “Injection”?

I think the debate may be endless. Instead i give it up here. Feel free to call it anything you want.

None the less, not a bad catch (just that it has been overhyped to reflect as a new kind of attack). I have always appreciated GNU Citizen for their innovations, but i cannot give credit for this one atleast.

By: Diversas vulnerabilidades en Google | El blog de José Luís Zayas

Diversas vulnerabilidades en Google | El blog de José Luís Zayas — Sat, 18 Oct 2008 14:33:50 +0000

[...] La primera de ellas se trata de un Cross Domain Frame http://mail.google.com/imgres?......com/482f3 según podemos ver, un usuario que entrara en dicho link podría ser engañado y capturar sus credenciales de su cuenta Google, más información aquí. [...]

By: Frame injection exploits Google flaw | Information Systems Security

Frame injection exploits Google flaw | Information Systems Security — Fri, 17 Oct 2008 17:55:01 +0000

[...] posted the frame-injection PoC example against Google on the GNUCitizen blog. He explained that frame injection works by inserting the URL of a third-party website into the [...]

By: Ethical Hackers » Google Gmail, Other Apps, Vulnerable To Attack

Ethical Hackers » Google Gmail, Other Apps, Vulnerable To Attack — Fri, 17 Oct 2008 03:13:59 +0000

[...] ‘pagvac’ Pastor, a security researcher with GNUCitizen.org, on Friday posted proof-of-concept code that can inject a third-party page — a fake login page in Pastor’s example — while the [...]

By: Adrian 'pagvac' Pastor

Adrian 'pagvac' Pastor — Thu, 16 Oct 2008 07:10:09 +0000

@Chintan: sure it IS different. In a redirection attack, the URL in the browser’s address bar changes to a non-trusted third-party site once the “evil” URL is visited. In a frame injection attack, the address bar remains showing the legitimate domain after the “evil” URL is visited.

It is called frame injection because the third-party content is inserted via a dynamically generated frame. Check the ‘frame’ tags in the source code for more info.

@Daniel: I’m actually against creating new vulnerability names, it just complicates things. The only reason I mentioned the term “frame injection” is because: 1) it’s NOT a new term. 2) the filtering solution needed is different to the one required for “pure” XSS/HTMLi vulnerabilities as the attacker doesn’t need to inject “dangerous” characters. At least generally speaking.

By: Serviços do Google estão vulneráveis a Frame Injection | Elvis Fernandes

Serviços do Google estão vulneráveis a Frame Injection | Elvis Fernandes — Wed, 15 Oct 2008 11:40:05 +0000

[...] O Adrian ‘pagvac’ Pastor, da GNUCitizen, postou sua descoberta sobre a vulnerabilidade do google a ataques de Frame Injection. [...]

By: Jim Manico

Jim Manico — Tue, 14 Oct 2008 18:00:26 +0000

RE: Comments about about input validation above : you do NOT defend against XSS by input validation – thats one of the biggest misnomers in AppSec. You solve it via ENCODING data before presenting it to your users. ESAPI, for example, provides a variety of data encoding functions depending on context: encodeForHTML, encodeForHTMLEntity, encodeForJavascript, etc.

By: Google Gmail, Other Apps, Vulnerable To Attackers , Hackers | Tech At Hand Dot Net | Philippines, Technology, SEO and Blogging

Tue, 14 Oct 2008 09:03:48 +0000

[...] Adrian ‘pagvac’ Pastor, a security researcher with GNUCitizen.org, on Friday posted proof-of-concept code that can inject a third-party page — a fake login page in Pastor’s example — [...]

By: Chintan

Chintan — Tue, 14 Oct 2008 02:16:29 +0000

Hi, I don’t think its any thing different from URL Redirection (except that it is now wrapped with a new shiny marketing lingo). I still don’t understand where the frame gets injected! It’s just getting loaded from an external source.

Instead of loading Fake Gmail page, you can load any page instead. The following loads yahoo :P

http://mail.google.com/imgres?...../yahoo.com

Can some one please explain me the rationale for calling it a frame injection?

Comments on: Frame Injection Fun

By: JD

By: .:[ d4 n3wS ]:. » Blog Archive » Frame injection PoC: gmail phishing..

By: What’s new in web hacking techniques of 2008

By: GigA: Todo es seguro ~~: iFrame Injection « El camello, el LeÃ³n y el niÃ±o. O la evoluciÃ³n del perro al lobo.

By: Lightningã§Thunderbirdã«ToDoã‚„ã‚«ãƒ¬ãƒ³ãƒ€ãƒ¼ã‚’çµ±åˆã—ã‚ˆã† | my96soft-é›†åˆçŸ¥ã®ã™ã°ã‚‰ã—ã•ã‚’æ±‚ã‚ã¦-

By: p3lo

By: Le migliori tecniche di Web Hacking del 2008 | lonerunners.net

By: Heuristic Delta :: Top 70 Hacking Methods :: http://blogs.heuristicdelta.com

By: Submit Your Top Web Hacking Techniques for 2008 | GNUCITIZEN

By: GUYA.NET » Blog Archive » Google Hackathon was hacked

By: Adrian 'pagvac' Pastor

By: Chintan

By: Diversas vulnerabilidades en Google | El blog de José Luís Zayas

By: Frame injection exploits Google flaw | Information Systems Security

By: Ethical Hackers » Google Gmail, Other Apps, Vulnerable To Attack

By: Adrian 'pagvac' Pastor

By: Serviços do Google estão vulneráveis a Frame Injection | Elvis Fernandes

By: Jim Manico

By: Google Gmail, Other Apps, Vulnerable To Attackers , Hackers | Tech At Hand Dot Net | Philippines, Technology, SEO and Blogging

By: Chintan

By: Lightningã§Thunderbirdã«ToDoã‚„ã‚«ãƒ¬ãƒ³ãƒ€ãƒ¼ã‚’çµ±åˆã—ã‚ˆã† | my96soft-é›†åˆçŸ¥ã®ã™ã°ã‚‰ã—ã•ã‚’æ±‚ã‚ã¦-