Published 18 years 9 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read
I think the single most insecure feature of internet browsers today is iframes, you can do too much with them and I feel I've only touched the surface with the examples I've shown. My next tool shows how simple it is to scan your entire local network from the internet using iframes, CSS and absolutely no javascript!
Geez I've never had so many 403 errors in my apache logs, you don't need folder contents people! Look the code is in CSS, so you don't need any other code, got it? Well stop trying to grab the contents of a directory that is in plain sight. Some people!
I don't normally agree with releasing whitepapers on subjects because I believe you don't need an essay to explain this stuff, all you need is to look at the code but I'd thought I would make the exception so here is a whitepaper about this subject:-
Run for the hills the internet is falling apart!
Here's some more CSS scanners that I've been told about:- RSnake's CSS scanner PDP's noscript scanner Jeremiah Grossman's CSS History hack