Cisco Iframe Injection

2013-06-04T00:00:00
ID PACKETSTORM:121876
Type packetstorm
Reporter Vinesh Redkar
Modified 2013-06-04T00:00:00

Description

                                        
                                            `Dear Support,  
  
I have found iframe injection on newsroom.cisco.com.  
  
  
Affected URL:  
http://newsroom.cisco.com/blair-christie?articleId=%27%22%3E%3Ciframe%20src=%22http://www.avsecurity.in%22%20width=%221000%22%20height=%221000%22%3E/*  
  
  
Below are the description for the same.  
  
*IFrame Injection:*  
Using IFrame tag, The Attackers injects the malware contain website(links)  
using Cross site Scripting in popular websites. So if the usual visitors  
of that popular sites opens the website, it will redirect to malware  
contain website. Malware will be loaded to your computer, now you are  
infected  
  
Affected URL:  
http://newsroom.cisco.com/blair-christie?articleId=%27%22%3E%3Ciframe%20src=%22http://www.avsecurity.in%22%20width=%221000%22%20height=%221000%22%3E/*  
  
Affected parameter : articleId  
  
Attack Vector: %27%22%3E%3Ciframe%20src=%22http://www.avsecurity.in  
%22%20width=%221000%22%20height=%221000%22%3E/*  
  
  
*What an attacker can do with Iframe Injection?*  
Using Iframe Injection, an attacker can inject advertisements inside any  
other websites, insert malware infected site links, redirect to malware  
infected sites and more.  
--  
Thank & Regard,  
Vinesh Redkar  
Security Researcher  
AVsecurity.in  
`