Bugtraq mailing list archives
FrameJammer DOM based XSS
From: mkey () freemail hu
Date: Mon, 27 Feb 2012 08:50:36 GMT
Software: FrameJammer
Author: Hal Pawluk

Software Description:
FrameJammer is a little JavaScript code which prevents opening framed pages outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension; nowadays web developers are spreading it with copy-paste.

Problem:
FrameJammer does not validate user input (Window.Location) and therefore it contains a DOM Based XSS vulnerability.

PoC:
http://<url>?javascript:alert(123)~<frame-name>

I did not contact the author. His website is down and I am not in possession of his contact information.
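Added example, not part of the original post and not FrameJammer's code: one way a frameset page can validate a `<url>~<frame-name>` query string before loading it into a frame. The query layout is inferred from the PoC above; `parseFrameTarget`, the frame names and the `example.test` origin are hypothetical.

```javascript
// Assumption: the query string has the form "<url>~<frame-name>", as the PoC suggests.
// Frame names below are constructed for the example.
const ALLOWED_FRAMES = new Set(['main', 'content']);

// Returns { href, frame } when the query is safe to act on, otherwise null.
function parseFrameTarget(search, pageOrigin) {
  const query = search.startsWith('?') ? search.slice(1) : search;
  const sep = query.lastIndexOf('~');
  if (sep <= 0) return null;                      // no separator, or empty URL part

  const frame = query.slice(sep + 1);
  if (!ALLOWED_FRAMES.has(frame)) return null;    // only frames this frameset defines

  let url;
  try {
    // Decode first so a percent-encoded scheme is judged in its decoded form,
    // in case later code unescapes the value (defensive assumption).
    const raw = decodeURIComponent(query.slice(0, sep));
    // The URL parser applies the browser's own normalisation (stripped
    // whitespace and control characters) before the scheme is inspected.
    url = new URL(raw, pageOrigin + '/');
  } catch (e) {
    return null;                                  // malformed encoding or URL
  }

  // Rejects javascript:, data:, vbscript: and any other non-web scheme.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Keep the frame on the site that serves the frameset.
  if (url.origin !== new URL(pageOrigin).origin) return null;

  return { href: url.href, frame };
}

// In the frameset page:
//   const t = parseFrameTarget(location.search, location.origin);
//   if (t) window.frames[t.frame].location.replace(t.href);
```

The function returns the normalised `href`; assigning that value, rather than the raw query text, keeps the checked string and the navigated string identical.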