PaulDotCom mailing list archives
iframe injection question
From: cmerkel at gmail.com (Chris Merkel)
Date: Thu, 4 Jun 2009 07:49:57 -0500
On Thu, Jun 4, 2009 at 1:57 AM, <christopher.riley at r-it.at> wrote:
Sure, make the link point to an HTTPS site with a valid certificate, or use XSS to insert your desired content into an existing (vulnerable) HTTPS site of your choice.
I understand that - but assuming that's not an option - HTTP only on the injected code - is there another way to do this? Not necessarily through a plain iframe - are there any javascript, encoding tricks, etc that would cause the browser not to recognize the mixed content? - Chris
Current thread:
- iframe injection question Chris Merkel (Jun 03)
- iframe injection question christopher.riley at r-it.at (Jun 03)
- iframe injection question Chris Merkel (Jun 04)
- iframe injection question Nathan Sweaney (Jun 04)
- iframe injection question christopher.riley at r-it.at (Jun 05)
- iframe injection question Chris Merkel (Jun 05)
- iframe injection question christopher.riley at r-it.at (Jun 05)
- iframe injection question Chris Merkel (Jun 04)
- iframe injection question christopher.riley at r-it.at (Jun 03)