From frame injection vulnerability to illegal redirection

Source: Internet
Author: User
Tags: phishing

1) Frame injection vulnerability: definition and description
----------------------------------------

Definition: A frame injection attack is a GUI-based, browser-side attack that can include any code, such as JavaScript, VBScript (ActiveX), Flash, or AJAX (html + js + py). The code is injected because the script does not validate its input correctly. Although some people may think this is similar to HTML injection/XSS, I will tell you: "They are different." This is why:

* There is no need to inject special control characters, such as angle brackets (HTMLi/XSS).
* HTMLi/XSS filtering routines will not protect against the injection, because we only need to insert our value into an unvalidated parameter in the URL.

The best way to explain this is to give an example. Most frame injection problems occur in web applications because dynamic frame/iframe implementations do not filter enough. For example, we target the following URL:

    https://www.2cto.com/index.php?targeturl=/contact.php

Our intention is to abuse the targeturl parameter for a phishing attack. Our goal is to insert a third-party web page under our control in place of the original contact page:

    https://www.victim.foo/index.php?targeturl=http://evil.foo/login.php

Note: We can encode malicious phishing links as hexadecimal values, which we did not do in this article.

2) Description of the website as a payload
---------------------------------------------------------------

This technique only works when the victim has added you to his friend list. If the Facebook cookie data is stored in the browser, a valid frame injection is to enter a web page in the URL of the page named sharer.php. On Facebook, whether a contact is online or has not yet been accepted, his friends or personal information will be disclosed. Hackers will try to add you and obtain information about you.

We recommend that you do not add any untrusted contact on Facebook, because he can try to crack your account and send you a malicious link.

How does this attack work? Here is a small diagram. Facebook is used to cover the link with a "legitimate" one, by injecting into facebook.com/sharer.php.

    /----------------------------------\ /-------\
    | http://                          | | share |
    \----------------------------------/ \-------/

Using the Google or Live search box as the injection payload: now we can use our malicious wits to hijack this. For a "legitimate" frame injection, we will use a "trusted" website. The source code of bypass.php is my malicious redirector script; it will be explained later in the paper.

Google image frame injection:

    http://www.google.fr/imgres?imgurl=http://fake_url&imgrefurl=http://evil.foo/bypass.php

Or Windows Live translation frame injection:

    http://www.windowslivetranslator.com/BV.aspx?ref=Internal#http://www.windowslivetranslator.com/bv.aspx?mkt=fr-FR&dl=fr&lp=en_fr&a=http://evil.foo/bypass.php

3) Redirection description
-----------------------------------

A redirection vulnerability allows a malicious user to redirect a victim from the website to another site. The main attack vector for this vulnerability is phishing. The vulnerability can only redirect to remote web servers hosting malicious scripts such as PHP, JavaScript, VBScript, and AJAX (worm). The most common attack vector is reflected in a double URL:

    http://site.com/redirect?r=http://malicious_website.com

4) Inject vulnz
--------------------------------------------------------------------------------

Advanced redirection and frame injection combined attacks:

    facebook ---| google ---| bypass.php ---| login.php ---| B e f:

The Facebook sharer.php input source may look like this script:

    ###############################################
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <html>
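
On the defensive side, the `targeturl` and `r` parameters described in sections 1 and 3 can be validated and audited by resolving them with the same URL parser browsers use. The following is an added example, not code from the original article; `SITE_ORIGIN`, `safeTarget` and `foreignTargets` are assumed names, and the sample requests are constructed from the URLs shown above.

```javascript
// Added example, not part of the original article. SITE_ORIGIN and both
// function names are assumptions chosen for illustration.
const SITE_ORIGIN = 'https://www.victim.foo';

// Resolve a user-supplied frame/redirect target the way a browser would and
// return a same-origin path, or null if it would leave the site.
function safeTarget(raw, siteOrigin = SITE_ORIGIN) {
  if (typeof raw !== 'string' || raw === '') return null;
  // Browsers silently drop tab/CR/LF inside URLs; refuse control characters.
  if (/[\u0000-\u001f\u007f]/.test(raw)) return null;
  let resolved;
  try {
    resolved = new URL(raw, siteOrigin + '/');
  } catch {
    return null; // unparsable value: never hand it to a frame or Location header
  }
  // Comparing origins (scheme + host + port) rejects absolute URLs,
  // scheme-relative values and non-http schemes in one check.
  if (resolved.origin !== siteOrigin) return null;
  return resolved.pathname + resolved.search;
}

// Log review: list the query parameters of a requested URL whose decoded
// value would point a frame or redirect at a foreign origin.
function foreignTargets(requestUrl, siteOrigin = SITE_ORIGIN) {
  const hits = [];
  const url = new URL(requestUrl, siteOrigin + '/');
  for (const [name, value] of url.searchParams) {
    // Only consider values that look like a URL: a scheme, or two leading slashes.
    const looksLikeUrl = /^\s*([a-z][a-z0-9+.-]*:|[\/\\]{2})/i.test(value);
    if (looksLikeUrl && safeTarget(value, siteOrigin) === null) hits.push({ name, value });
  }
  return hits;
}

// Constructed sample requests, modelled on the URLs in the article.
const samples = [
  '/index.php?targeturl=/contact.php',
  '/index.php?targeturl=http://evil.foo/login.php',
  '/index.php?targeturl=%68%74%74%70%3A%2F%2Fevil.foo%2Flogin.php', // hex-encoded
  '/redirect?r=http://malicious_website.com',
];
for (const s of samples) console.log(s, '->', JSON.stringify(foreignTargets(s)));
```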
