| || |
| || |
Join Date: Apr 2009
Re: Link outside of an iframe
The user login to the server hosting the content to the iframe taking place without its knowledge, it is easy for a malicious individual to exploit this property to compromise its victim. The objective of using the iframe tag by malicious people is often the spread of malicious code. The procedure is often the same. The first step is to compromise a legitimate site. Once the attacker has gained access to the site, it took the opportunity to insert in the pages of legitimate IFRAME and make them invisible. To do this, or it reduces the minimum size, or it blocks the view. Blocking does not prevent the display of the visitor's connection to the server containing the contents of the iframe. To make the iframe invisible to the user must enter the following parameter to the tag
The visitor, visiting the page of a site prior to "trust", then draws, unwittingly, a connection to a site and downloads malicious code. This code to run, operates browser vulnerabilities and installs on the victim's computer. The risks relate IFRAME s Internet site developers, hosting providers and end users. Developers are the first barrier against such attacks. Injecting IFRAME tag in a legitimate web page is usually by means of a weakness of the website. The compromise of a site may harm the image of its designer and the entity or business administration, represented by this site. The hosts, whose status as an intermediary between the design of the site and its end use, are also affected. They may, for their vigilance, control of newspapers and blocking measure, limit or even prevent the compromise of sites and therefore visitors coming to them.