How to hijack a page via a `<script>` tag whose source returns HTML. Real-world example in curl-output.txt.
HTTP/1.1 302 Found
Date: Sun, 03 Jan 2016 19:58:45 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u2
Location: http://ww31.gvisit.com/record.php?sid=592101993e8b9913eb0462e5bd4d7501
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
HTTP/1.1 200 OK
Date: Sun, 03 Jan 2016 19:58:45 GMT
Server: Apache
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gzq771WhJU+b7w0c5Lws6JzVrVwB7ft1+YqfHuwEaoyWmYfzltRbJbJUQTnaj/qbPPUYRI8QQTXRbMWK39GUJA==
Vary: Accept-Encoding,User-Agent
Content-Length: 3234
Content-Type: text/html; charset=UTF-8
<!--
// Polyglot parking page. The first response above is a 302 to record.php
// carrying a sid (presumably a hit log); the 200 body that follows is valid
// HTML that also parses as JavaScript:
//  * a JavaScript engine treats the opening line above as a single-line
//    comment (ECMAScript Annex B HTML-like comments), so when a page pulls
//    this text/html response in through a script src tag the statement
//    below runs and navigates that page's top-level window to the parking
//    site; an HTML parser instead sees a comment that hides these lines.
//  * whether a browser still executes a script response served with
//    Content-Type: text/html depends on its MIME-type enforcement, which
//    has tightened since this 2016 capture; do not rely on that alone.
// For the page owner who included the script, Subresource Integrity (an
// integrity attribute) or a CSP script-src allowlist would have blocked
// this response regardless of what the expired/parked host returns.
top.location="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=T0M6%2BAayVN8Ot5EQzfPF0S1DRTUEhu9j%2B0JTpMQ%2FsB%2FLksJ3g1xdCyhyTI8j%2B%2F0N&poru=AwzWORPE7CPE0lrCMmvjVu3FI0q%2F3OKRR38XeQsupGDnFdPDmOFjaztT45sZx%2FVeS9zvfMBscq%2BI8lLc9qnKThKsqMojZwudCae3anEhItMlQOgsMVzc%2BDWB%2F%2F9I7JQ4&cifr=1&sid=592101993e8b9913eb0462e5bd4d7501";
/*
The block comment opened on the line above hides the entire HTML document
below from the JavaScript parser; it is closed by the marker on the second
to last line of the file. The HTML parser, in contrast, closes its comment
on the very next line and renders the document normally.
-->
<html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gzq771WhJU+b7w0c5Lws6JzVrVwB7ft1+YqfHuwEaoyWmYfzltRbJbJUQTnaj/qbPPUYRI8QQTXRbMWK39GUJA=="><head>
<!-- data-adblockkey repeats the X-Adblock-Key response header; it looks like an
     ad-blocker allowlisting signature for the parked domain, not verified here.
     Correlation note: the sid value is identical in all four URLs of this
     response (302 Location, JS redirect, frame src, noframes link) while the
     prvtof and poru values differ per placement. -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta name="viewport" content="width=device-width"><script type="text/javascript">
<!--
// Global flag recording that a usable viewport-height source was found,
// so an unknown height is not mistaken for a tiny frame.
dimensionUpdated = 0;
// Frame killer: if this page is being displayed inside a frame that is
// 250px tall or less, navigate the top-level window to the parking URL.
function applyFrameKiller()
{
if(window.top != self)
{
cHeight = 0;
// Viewport height with legacy fallbacks, newest API first.
if( typeof( window.innerHeight ) != 'undefined' ) {
//Non-IE
cHeight = window.innerHeight;
dimensionUpdated = 1;
} else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) {
//IE 6+ in 'standards compliant mode'
cHeight = document.documentElement.clientHeight;
dimensionUpdated = 1;
} else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
//IE 4 compatible
cHeight = document.body.clientHeight;
dimensionUpdated = 1;
}
if( cHeight <= 250 && dimensionUpdated == 1)
{
// Frame busting: a cross-origin frame is generally permitted to navigate
// top, which is why this works; a sandboxed iframe without
// allow-top-navigation would refuse it.
window.top.location = "http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=u5NXp3zVWTdYGMkV6iK%2B4MyyRiKQ6AKDxOhUgf5wJTptsVA9ori8WVATqWKXvLt0&poru=QDwxIevt5vHnM50HJeR1FHgomDuSUsv2YcjV%2BtQB25TFAx1unh7hMrc6PRVUA%2B%2BRXbdNuEJ%2B3dFd2IiRpIcEJ5T3wS6dVYDopSaRlsesTgievTVL4dt%2BcIV7%2BLrH%2BM55&cifr=1&sid=592101993e8b9913eb0462e5bd4d7501";
}
}
}
applyFrameKiller();
// -->
// The second inline script on the next line is a cookie probe: it sets
// fjccheck=1 and swallows any error. The frameset then shows the parking
// page in a single full-height frame with all borders hidden.
</script><script type='text/javascript'>try{document.cookie = 'fjccheck=1';}catch(exception){}</script></head><frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<!-- Same destination as the JS redirect, minus the cifr=1 parameter. -->
<frame src="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=tLdsRL2VNtQbqYMv4TV6N%2FKAg3xaT2EfTL%2BG1exkntEXmI2qgvDCPlaqUGT5HqTp&poru=bCVQ8NcV%2BXuYYlP66iEKcJV2GZc3TYXTFkuzqadeHJrqLqehflgEhknX0sd4fKXIIyQfi45WiR4fZz16O8IhfkUS4XrIgX9KzniMaJBGXvDmbQgq1KIceO3pI4tfQHsT&sid=592101993e8b9913eb0462e5bd4d7501">
</frameset>
<!-- Fallback for browsers without frame support: the same destination as a plain link. -->
<noframes>
<body bgcolor="#ffffff" text="#000000">
<a href="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=TTv2W3uWKJ13MvB5JzJjEBQ8QPV%2F2EaSQy%2B59K8xjUHGZO5Mc6JCUydv8Cs7W9Q%2F&poru=XICWjsQCNh2FX8JNB6qC8YLcP%2FzhDLP8sfUOrYm1ia5ZI1l20rkPwwlth7UrQqKVMc%2BBXDaaAN45SLmow9XFkbIgC6GLv%2FluqybgsfPxUmpcn1icL6fz146JkQwSIAaR&sid=592101993e8b9913eb0462e5bd4d7501">Click here to proceed</a>.
</body>
</noframes></html><!--
Closing markers: the next line ends the JavaScript block comment opened after
the redirect statement, and the line after it ends the HTML comment opened at
the end of the html element, so both parsers finish cleanly.
*/
-->
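<!--
// Polyglot demo. A JavaScript engine reads the line above as a single-line
// comment (ECMAScript Annex B HTML-like comments), so a page that includes
// this file through a script src tag executes the statement below and is
// navigated away after 5 seconds. A function callback replaces the original
// string argument so the timer no longer relies on implicit eval.
setTimeout(function () { window.location = "http://google.com/"; }, 5000);
/*
Everything from here to the closing block-comment marker on the last line is
invisible to the JavaScript parser; an HTML parser instead closes its comment
on the next line and renders the document below.
-->
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Evil Web Page</title>
  <!-- Same navigation for a visitor who opens this file directly as HTML.
       The original tag lacked its closing ">" and swallowed the head end tag. -->
  <meta http-equiv="refresh" content="5; url=http://google.com/">
</head>
<body>
  <p>Hi! I'm evil!</p>
</body>
</html>
<!--*/-->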
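<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Sucker</title>
  <!-- Victim side of the demo. The script's src resolves to a response that is
       HTML doubling as JavaScript (see evil.js.html), so whatever that host
       returns runs with this page's origin. Subresource Integrity (an integrity
       attribute pinned to the expected script's hash) makes the browser refuse
       a response that no longer matches, and a CSP script-src allowlist limits
       which hosts may supply script at all; both are omitted here only so the
       demo still reproduces the hijack. -->
  <script src="./evil.js.html"></script>
</head>
<body>
  <p>Hi! I'm a sucker who included the third-party js being hijacked.</p>
</body>
</html>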