Saturday, June 1, 2013

iFrame Injection

As we all know that the iFrame and Script are the HTML tags. But Now a days hackers are using iFrame and its internal attributes like Height Width and Frame border more. Typically iFrame allows a developer to embed the content of one page to the another page. Calling one page's content to other page and showing there. Means A developer can call multiple page's content to show all in one page.


But the cyber criminals has found the exploit this functionality in order to run their malicious code to the client side.Hackers are using more iFrames as well as the Script command to execute java scripts as well as other malicious scripts to the client side through their websites. This type of attack is also called as Drive-By Attack. This type of attack is allowing hackers to run their code invisibly as well as silently.

Know More about iFrame for HTML5 - http://www.w3schools.com/html5/tag_iframe.asp


REFERENCES : 

  1. http://www.avgthreatlabs.com/webthreats/info/invisible-iframe-injection/ 
  2. https://billing.handsonwebhosting.com/knowledgebase/220/iFrame-Injection-Attack---Site-compromised-or-hacked.html 

No comments: