Jump to content

Frame injection

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 209.171.88.39 (talk) at 19:00, 2 February 2022 (fixed a broken link). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.[1] This attack is caused by Internet Explorer not checking the destination of the resulting frame,Cite error: A <ref> tag is missing the closing </ref> (see the help page).x |title=Microsoft Security Bulletin (MS98-020) |publisher=Microsoft Corporation |date= |accessdate=2008-09-13}}</ref> therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.[2] This other type of frame injection affects all browsers and scripts that do not validate untrusted input.[3]

References

  1. ^ "Internet Explorer Frame Injection Vulnerability". Vulnerability Intelligence. Secunia Advisories. Retrieved 2008-09-13.
  2. ^ "Cross Frame Scripting - OWASP". OWASP. Retrieved 2008-09-13.
  3. ^ "Secunia Advisory". Secunia. Archived from the original on 2007-12-19. Retrieved 2008-09-13.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Frame_injection&oldid=1069526697"