5125 matches found
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass DOMWindow::open(const String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow) ... ---------------- 1 ----------------------- if...
Apple WebKit Pop-Up Blocker Bypass Exploit
Apple WebKit suffers from a bypass in the pop-up blocker via a cross-origin or sandboxed iframe. Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe. CVE-2017-2371 The second argument of window.open is a name for the new window. If there's a frame that has the same name, it will t...
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
DOMWindow::open(const String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow) ... ---------------- 1 ----------------------- if !firstWindow.allowPopUp tree.findframeName return nullptr;...
Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe (CVE-2017-2371)
The second argument of window.open is a name for the new window. If there's a frame that has the same name, it will try to load the URL in that. If not, it just tries to create a new window and pop-up. But without the user's click event, its attempt will fail. Here are some snippets. RefPtr...
loopsuae.com IFRAME Injection vulnerability
Vulnerable URL: http://loopsuae.com/searchresults.php?action=dosearch="' XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 11554439 VIP website status:| No Check...
usa-fund.com IFRAME Injection vulnerability
Vulnerable URL: http://www.usa-fund.com/controlpanel/index.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.08.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...
theecologist.org IFRAME Injection vulnerability
Vulnerable URL: http://www.theecologist.org/search.php?q=" XANY Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 10:34 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 197358 VIP website status:| No...
HackerOne: Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
Hi, I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the Cross-Origin-iframe being used by Marketo. This results in eavesdropping of the data being sent in the...
wunderground.com IFRAME Injection vulnerability
Vulnerable URL: https://www.wunderground.com/DisplayDisc.asp?DiscussionCode=BOX=MA=Boston" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 732 VIP website status:|...
Origin Null Vulnerability
rack-cors is vulnerable to an origin null vulnerability. When an iframe contains HTML code for its source instead of a URL, a website using rack-cors and allowing file:// does not prevent browsers from sending null origins...
bu.edu IFRAME Injection vulnerability
Vulnerable URL: https://www.bu.edu/phpbin/lawyearbooks/results.php Details: Description| Value ---|--- Patched:| Yes, at 15.12.2017 Latest check for patch:| 15.12.2017 07:38 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 4258 VIP website status:| Y...
liveinternet.ru IFRAME Injection vulnerability
Vulnerable URL: http://www.liveinternet.ru/search/?q=test-2===" XANY Details: Description| Value ---|--- Patched:| Yes, at 12.09.2017 Latest check for patch:| 12.09.2017 11:05 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 1054 VIP website status:|...
statecollege.com IFRAME Injection vulnerability
Vulnerable URL: http://www.statecollege.com/search/results.php?SearchString=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 238627 VIP website status:| No...
cxc.harvard.edu IFRAME Injection vulnerability
Vulnerable URL: http://cxc.harvard.edu/vguide/details.php?agascid='" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| ...
find.medinfo.ufl.edu IFRAME Injection vulnerability
Vulnerable URL: https://find.medinfo.ufl.edu/dosearch.php?name=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...
cne.gov.co IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-213274 Description| Value ---|--- Affected Website:| cne.gov.co Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
presscouncil.az IFRAME Injection vulnerability
Vulnerable URL: http://www.presscouncil.az/az/search.php?query= XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 2227385 VIP website status:| No Coordinated...
androidappsgame.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-213269 Description| Value ---|--- Affected Website:| androidappsgame.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
appsonplaystore.com IFRAME Injection vulnerability
Vulnerable URL: https://appsonplaystore.com/search?q=" XANY Details: Description| Value ---|--- Patched:| Yes, at 17.02.2017 Latest check for patch:| 17.02.2017 05:01 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 641759 VIP website status:| No...
girly.today IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-213267 Description| Value ---|--- Affected Website:| girly.today Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...