A1 – Iframe Injection (Level: Low)
Hello Cyberman!
English broadcasts will now be more frequent! This series of articles will be on web bugs.
What Is The bWAPP?
bWAPP is a machine designed to learn and fix web vulnerabilities.It contains a wide variety of vulnerabilities.
What is IFrame Vulnerability?
It is a vulnerability that occurs as a result of using the iframe element excessively or with wrong redirects.
How to Detect Vulnerability?
When visiting the WEB site, your browser should receive a GET/POST value as in the red area in the url address section.
“iframei.php?ParamUrl=XXXX” You can add various page links to the part taken as “XXXX” in the value of the URL address.
If a positive result is obtained when a link attempt is made as above, this means that there is a weakness. For example I tried “https://www.s4msecurity.com”. And part of the page appeared in the small window.
What Can Be Done With This Vulnerability?
Challenge your thoughts. This vulnerability is displaying a link it received. What if an e-mail you receive from a corporate and reliable page is exploited with such a weakness in the message?
As seen in the picture above, we are listening to port 4545 with the NC tool. And let’s enter our own IP address with the port in the field we entered as “https://www.s4msecurity.com”. For example: “http://192.168.57.134:4545”
Imagine sending the link above to a victim and clicking it.
As seen in the picture above, when the victim wants to click and open, the system wants to establish a connection to the attacker computer.
Imagine that you design a malicious page on your local device and run it with a server application such as Apache.
Have a nice day with lots of informatics 🙂
Thank you very much for sharing, I learned a lot from your article. Very cool. Thanks. nimabi