Frame Injection Flaws ~ Devil's Blog On Security

A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES

Learn Ethical Hacking | Learn Hacking Online | Learn How To Hack|Hack Counter Hack| Ethical Hacking Tutorials

Frame Injection Flaws

Frame Injection is vulnerability which occurs in HTML page with frames. Frame injection vulnerability exists because many browsers support editing of frames, if a HTML page uses frameset tag to create several frames in single HTML page, even though the source of frame is called from another website it still remains vulnerable.

How to find website vulnerable to Frame Injection:

If you encounter any HTML page with frames on it then right click on it and view source code. Find for frameset tag.

<frameset>

<frame src= “some website” name= “frame - 1”>

<frame src= “some website” name= “frame – 2”>

<frame src= “some website” name = “main frame”>

</frameset>

Above is just example real code might appear more sophisticated than this therefore it is mandatory for you to know HTML for finding and exploiting Frame Injection flaws. Now reload page and check does the value for frame name is same or not. If it changes with every page reload then the site is not vulnerable and if no change occurs in name then surely the site is vulnerable.

Exploiting Frame Injection Flaws:

Once you get vulnerable site you can exploit it using following steps.

Create a website and write a script on it which will try to overwrite contents for main frame of vulnerable site. Allow this script to wake up or run every 5, 10 or 15 seconds.

Now the original frame contents on vulnerable site will be overwritten within every 10 – 15 seconds by attacker's script and the visitor to that site will not find anything wrong. Attacker now waits for user to click on injected fame and arrive at his/her site.

The above attack may very much appear to phishing however in frame injection attack the attack appears very much legitimate because application or website actually appears in frame of legitimate site and still works with same application. Next problem is that even if the original site uses HTTPS, attack will still succeed because SSL certificate will be verified from legitimate site and not the frameset site. Though it is simple but vulnerability will even fool a well informed user.

Countermeasures:

1. Don't use names for frames.

2. Disallow intercommunication between different frames. If this option is not feasible try to create frames that will intercommunicate less.

3. Use unique names for frames for each session.

4. Append session cookie with each application in frame.