iframe injection question

[christopher.riley at r-it.at (christopher.riley at r-it.at)]

Sure, make the link point to an HTTPS site with a valid certificate, or use
XSS to insert your desired content into an existing (vulnerable) HTTPS site
of your choice.

Chris

pauldotcom-bounces at mail.pauldotcom.com@inet wrote on 03.06.2009 23:24:20:

> Let's say that I figured out how to inject an iframe into a site, but
> the site is all SSL and the iframe content is only HTTP. Is there a
> way to properly display that content without the end-users on IE
> getting that "This page contains secure and insecure..." modal box?
>
> --
> - Chris Merkel
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

----------------------------------------
Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR
0486809, UID ATU 16351908

Der Austausch von Nachrichten mit oben angefuehrtem Absender via E-Mail
dient ausschliesslich Informationszwecken. Rechtsgeschaeftliche
Erklaerungen duerfen ueber dieses Medium nicht ausgetauscht werden.
Correspondence with above mentioned sender via e-mail is only for
information purposes. This medium may not be used for exchange of
legally-binding communications.
----------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090604/3ed48722/attachment.htm