XFS - Cross Frame Scripting
Definition:
A frame that is vulnerable to hackers editing its source, and so destroying its structure partially or fully.
Types of XFS:
- temporary
- permanent (rare)
Temporary:
In this type of vulnerability the user can only take control of his own side, with a normal redirect (works only for the tester; the URL remains the same).
Permanent:
In this type the vulnerability comes via the URL and is visible in every part of the world until the vulnerability is fixed.
Finding the vulnerability:
The vulnerability revolves around sites with many iframes, so you need to choose the website wisely. Do not choose one if its iframes are coded in completely pure HTML. Everything else works!
Things needed:
1) Firefox
Firefox is the best browser for hackers.
2) Tamper Data add-on
An add-on for Firefox which catches GETs and POSTs, which are the most important in XFS.
3) A brain
Huh, you have it, right?
4) Cookie Manager/Editor add-on
Exploiting:
The formula must be:
home page --> sub link --> iframe
Let's take as an example the "Chrome download page" (just an example, no XFS exists), i.e.:
https://www.google.com/intl/en/chrome/browser/
Open up Tamper Data in Firefox.
After that, click Start Tamper!
Click the sub link which will direct you to a direct iframe.
Take a notepad and write down all the commands listed in Tamper Data, for example:
12x GETs
5x POSTs
Now make sure it has 1-5 POSTs and the remaining are all GETs.
Now go back in the browser and click again. Make sure you leave all the GETs alone, and whenever you get a POST command, edit all the fields to:
XFS
Now you need to do minor editing in the URL to check whether it is XFS or not.
Let's try it out:
x.com/thread-01/view;POST1
Result: Same as original
x.com/thread-01/view;POST2
Result: Same as original
x.com/thread-01/view;POST3
Result: Same as original
x.com/thread-01/view;POST4
Result: Same as original
x.com/thread-01/view;POST5
Result: Broken iframe (we got it!!)
Voilà! We got it.
Now edit the cookie of that page with Cookie Manager! Set it to "POST5".
Now reload the page and see whether the result is the same or not.
It's the same. We got it right!
Now if you want to redirect, use the following code:
x.com/thread-01/view;POST5;redir.php?=www.google.com
And if you want a popup, use this code:
x.com/thread-01/view;POST5;alert("XFS")
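The behaviour described above depends on the page building its iframe source or redirect target from a value the visitor controls (the URL suffix or the cookie). As an added example, not code from the original post, here is a server-side or client-side allowlist check that such a value would have to pass before it is used. The function name, the allowed origins and the fallback URL are assumptions constructed for illustration.

```javascript
// Added example: allowlist check for a frame source or redirect target that
// arrives in a URL segment or cookie. All origins and paths are constructed.
const ALLOWED_ORIGINS = new Set(["https://x.com", "https://static.x.com"]);
const SITE_BASE = "https://x.com/thread-01/";
const FALLBACK_SRC = "https://x.com/thread-01/view";

// Returns a URL that is safe to place in <iframe src> or a Location header.
// Anything that is not http(s) on an allowlisted origin yields the fallback.
function safeFrameTarget(candidate) {
  if (typeof candidate !== "string" || candidate.length === 0) return FALLBACK_SRC;
  // Control characters and backslashes are normalised differently by browsers
  // and server-side parsers, so reject them instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(candidate)) return FALLBACK_SRC;
  let url;
  try {
    url = new URL(candidate, SITE_BASE); // resolves relative paths against the site
  } catch {
    return FALLBACK_SRC;
  }
  // Blocks javascript:, data: and every other non-web scheme.
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK_SRC;
  // Blocks the user@host form, where the text before "@" imitates a trusted host.
  if (url.username || url.password) return FALLBACK_SRC;
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK_SRC;
  return url.href;
}

// Constructed samples modelled on the values shown in the article.
for (const s of ["view;POST1", "//www.google.com", 'javascript:alert("XFS")']) {
  console.log(JSON.stringify(s), "->", safeFrameTarget(s));
}
```

A relative value such as `redir.php?=www.google.com` still resolves to the site's own origin and passes this check, so a redirect script on the site has to apply the same validation to its own parameter.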
2 comments
Nice article on the cross frame scripting, the coding, the screen shots and images given are very well and easy to understand.