Published 18 years 7 months ago • Last updated March 22, 2025 • ⏱️ 2 min read
I've decided to collect the various proof of concepts I've done and summarise why iframes are a security risk. Here are the top reasons:-
Description:- Because you can embed another web site inside your page, you can exploit that page and perform actions as that user and doing anything on a chosen web site.
Proof of concept:- Safari beta 3.03 zero day
Description:- Using iframes embedded onto a compromised site an attacker then can reflect attacks to other servers therefore making attacks difficult to trace and having a focal point to conduct attacks.
Proof of concept:- None available for this type of attack as it would be difficult to show the method without actually conducting an attack.
Description:- By exploiting features in CSS and using iframes to check if the default IP address exists, it's possible to get your network address range quite easily providing the network device uses the default out of the box IP address.
Proof of concept:- CSS LAN scanner
Description:- Using a similar method as above it is possible to gain your LAN information using Javascript.
Proof of concept:- Javascript LAN scanner
Description:- Iframes can be embedded inside each other in Firefox and you can alter their appearance to create seamless overlays with any site. This would make it very difficult for a user to know which site they are interacting with and fool them to performing an action.
Proof of concept:- Verisign OpenID exploit (now fixed)
Description:- Iframes also allow you to perform redirection so you can have access to URLs which normally wouldn't be accessible. In the delicious example, the POC redirects from delicious/home to your account bookmarks and then uses CSS overlays to display your first bookmark. Firefox and a delicious account are required for the POC.
Proof of concept:- Delicious CSS overlay/Redirection