cross-origin framing

Questions or requests about submissions
Post Reply
edent
Posts:4
Joined:Sun Dec 06, 2015 10:38 am
cross-origin framing

Post by edent » Mon Dec 21, 2015 1:50 pm

On the submission page, I see "iframe injections must contain an iframe with xssposed.org"

If I try to inject [code]<iframe src="http://xssposed.org/"></iframe>[/code]

I get the error.
"Load denied by X-Frame-Options: https://www.xssposed.org/ does not permit cross-origin framing."

Am I missing something? Surely then it is not possible to load an iframe with this site in it.
Top
User avatar
x1admin
Site Admin
Posts:3102
Joined:Sun Nov 15, 2015 7:04 pm

Re: cross-origin framing

Post by x1admin » Mon Dec 21, 2015 9:45 pm

you can use iframe, we check request and accept vulnerability
Top
User avatar
mradamdavies
Posts:29
Joined:Wed Nov 25, 2015 3:00 pm
Contact:
Contact mradamdavies

Re: cross-origin framing

Post by mradamdavies » Mon Dec 21, 2015 9:54 pm

Code: Select all

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
^Probably blocked to prevent click-jacking, etc.

Try injecting something else, not just another URL.

Probably not vuln.
Top
Post Reply

Return to “Submissions Discussion”

Who is online

Users browsing this forum: No registered users and 2 guests