IFrame cross site submission

Forum Moderators: open

Message Too Old, No Replies

IFrame cross site submission

Tricker

9:19 am on Aug 22, 2008 (gmt 0)

Hi All,

In my current project i am facing an issue which is related to the iframe.

i am using an iframe with src=http://exmaple.com. when i logged in by using emailid and pass instead of opening my inbox in that iframe all the things comes to the parent window and the whole logic goes off..

any pointer or help for the same is higly appreciable

below is the sample code

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<div style="border:1px solid blue; height:350px; width:450px;">
<iframe src="http://www.gmail.com" style="width:450px; height:350px;">
dfsfd
</iframe>
</div>
</body>
</html>

pageoneresults

9:21 am on Aug 22, 2008 (gmt 0)

I'm going to take a wild guess here and say there is a frame buster script in place at the destination URI for the <iframe>. ;)

Tricker

11:32 am on Aug 22, 2008 (gmt 0)

yes you are right! i googled it and found that xss (cross site scripting) script is useful in this particular case..

but not that much good in scripting to resolve these kind of issue..

so need your help or any pointer to resolve this is highly appreciable..

Thanks,
Tricker

csuguy

2:45 am on Aug 23, 2008 (gmt 0)

I would post this in the javascript section - I think that if this can be solved it would be with javascript.