XFS (Cross-Frame-Scripting) isn’t a low severity vulnerability like you may think…
What is Cross Frame Scripting?
Cross Frame Scripting (known as XFS) is a vulnerability that doesn’t seem so severe to most people. Frame Hijacking, Frame Injection, etc. are all included in this category. XFS is where you are able to control the source attribute of an iframe, or somehow control the scripts inside of it. From there you can achieve a somewhat “sandboxed” XSS, where the scripts do not really affect the parent site.
What can we do with it?
Many bug bounty programs will tell you this isn’t a very severe vulnerability. However, that is not the case. Here is a list of moderate-impact actions you are able to perform:
- Key Logging on Internet Explorer
- Redirection of parent
- Depending on the attributes of the frame, you can overwrite page contents
This list will be updated constantly, with more issues I find being added as soon as I find them.
Key Logging on Internet Explorer
There is a bug in all versions of Internet Explorer (including the most recent) that can leak keystrokes across frames. This is a memory leak, due to a focusing issue with multiple frames. Here is code you will put in a frame you have control over:
This code, when inside an iFrame on example.com, will log keystrokes on the parent page.
Redirection of parent
There are many methods for this; the one I found that works most often uses jQuery and form submissions. If you include this script:
You will redirect to https://example.com. However, it requires the user to allow redirections in general:
This pop-up won’t display if they have already set “Always allow pop-ups and redirect from https://…”
Overwriting page contents
This is kind of self-explanatory: if the iframe does not set specific display or style attributes, you can expand the iframe and overwrite page content. An example of this is creating an overlay that tricks the user into clicking malicious content. Perhaps an embedded login page? Or maybe a reverse-clickjacking-style attack.
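The site-side counterpart to the issues above, as an added example that is not part of the original post: validate a user-influenced frame source against an exact-origin allowlist, and render the frame with a `sandbox` attribute that grants no top-navigation tokens plus explicit dimensions. `ALLOWED_ORIGINS`, its sample origin, and the function names are assumptions made for illustration.

```javascript
// Added example: hardening an embed whose src is influenced by user input.
// ALLOWED_ORIGINS (constructed value) and all function names are assumptions.
const ALLOWED_ORIGINS = new Set(["https://widgets.example.com"]);

// Tokens granted to the frame. Deliberately absent: allow-top-navigation and
// allow-top-navigation-by-user-activation (the frame cannot redirect the
// parent), allow-popups, and allow-same-origin (the frame gets an opaque origin).
const SANDBOX_TOKENS = ["allow-scripts", "allow-forms"];

function validateFrameSrc(raw, allowed = ALLOWED_ORIGINS) {
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null; // rejects javascript:, data:, http:
  if (url.username || url.password) return null; // userinfo obscures the real host
  if (!allowed.has(url.origin)) return null; // exact origin match, never substring
  return url.href; // normalized form
}

function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

function renderFrame(raw) {
  const src = validateFrameSrc(raw);
  if (src === null) return ""; // render nothing rather than an untrusted frame
  // Explicit dimensions, following the post's point about frames that set no
  // display or style attributes.
  return (
    `<iframe src="${escapeAttr(src)}" sandbox="${SANDBOX_TOKENS.join(" ")}" ` +
    `width="400" height="300" style="border:0;max-width:100%"></iframe>`
  );
}
```

Omitting `allow-same-origin` can break widgets that rely on their own cookies or storage; add it only for origins you fully trust, since combined with `allow-scripts` it weakens the sandbox.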
Do you have any extra vulnerabilities to add? Comment them below and I will update the post with them. I appreciate you reading this post; a follow would be much appreciated!