-
Notifications
You must be signed in to change notification settings - Fork 73
Object Shadowing
Ohpe edited this page Jan 29, 2016
·
1 revision
In some cases inner frames scripts will check for the existence of top frames objects. It is possible to fool the script by thinking the top window and the object is looking for is accessible by adding iframe elements with the name of the object itself.
<script>
if(top.globalObject!='someValue'){
top.location=location.href.split('#')[0];
}
</script>
top window
<iframe name='globalObject'></iframe>
<iframe src='http://vi.ct.im/page#javascript:JsHere'></iframe>
- Home
- Sources
-
Sinks
- Direct Execution Sinks
- Set Object Sinks
- HTML Manipulation Sinks
- Style Sinks
- XMLHttpRequest Sink
- Set Cookie Sink
- Set Location Sink
- Control Flow Sink
- [Use of Equality And Strict Equality](Use of Equality And Strict Equality)
- Math.random Sink
- JSON Sink
- XML Sink
- [Common JavaScript libraries](Common JavaScript libraries)
- String Manipulation Methods
- Local DOMXSS
- Finding DOMXSS
- Object Shadowing
- Filters
- Glossary
- References