Jump to content

Frame injection

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Tohd8BohaithuGh1 (talk | contribs) at 14:45, 13 September 2008 (converting bare references). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

For other uses of the term "frame injection", see Frame injection (disambiguation).

A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.[1] This attack is caused Internet Explorer not checking the destination of the resulting frame,[2] therefore allowing arbitrary code such as Javascript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.[3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input.[4]


References

  1. ^ "Internet Explorer Frame Injection Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com". Secunia. Retrieved 2008-09-13.
  2. ^ "Microsoft Security Bulletin (MS98-020)". Microsoft Corporation. Retrieved 2008-09-13.
  3. ^ "Cross Frame Scripting - OWASP". OWASP. Retrieved 2008-09-13.
  4. ^ [1][dead link]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Frame_injection&oldid=238154008"