Security vulnerabilities used in Cross Frame Scripting Attack
How is Cross Frame Scripting Attack perpetrated
A Cross Frame Scripting attack can be perpetrated in a number of different ways:
Example 1:
The attacker first creates a webpage on his own website and, in that webpage, uses an HTML frame to display the login page of a well-known website.
The attacker may use tricks such as hiding the frame border or expanding the frame to cover the whole page to convince the innocent user that he is opening a webpage of the well-known website.
Under the standard web browser security model, the attacker should not be able to learn what the user types into a webpage opened on the user's computer, but the security vulnerabilities discussed above may make that possible.
Example 2:
In this attack, the attacker creates a webpage on his website and includes a hidden iframe in that webpage. The iframe may open the login webpage of a well-known website and use Cross Site Scripting (XSS) vulnerabilities of the well-known website to inject a malicious script into that webpage.
Example 3:
In this attack, the attacker creates a webpage on his website and includes a malicious link in that webpage. He then uses some trickery to convince the victim to click on the link. When the victim clicks the link, a malicious script runs, which uses Cross Site Scripting vulnerabilities of the well-known website to inject an iframe into that webpage.
Countermeasures of Cross Frame Scripting Attack
Always keep your browser updated with the latest security patches. This reduces the security vulnerabilities present in the web browser, reducing the possibility of this attack. In fact, it is always a good idea to update commonly used software, including operating systems and web browsers, with recent security patches. In most cyber attacks, attackers exploit security vulnerabilities in commonly used software. So, the more up to date the software, the better.
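Example 1 works only if the well-known website's login page agrees to be rendered inside a frame on another site, which the site controls through the `X-Frame-Options` header and the CSP `frame-ancestors` directive. The following is an added example, not code from the original article: it classifies a response from its headers, and the function name, verdict strings and sample headers (including `partner.example`) are constructed for illustration.

```javascript
// Added example (not from the article). Function and sample names are hypothetical.
// Classifies whether a response may be shown in a frame, from its headers.
function framingPolicy(headers) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors: when present, browsers apply it and ignore X-Frame-Options.
  // Assumes one enforced policy per header value (not Report-Only).
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const list = sources.map((s) => s.toLowerCase());
    // An empty source list matches nothing, same as 'none'.
    if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) return 'blocked';
    if (list.some((s) => ['*', 'http:', 'https:'].includes(s))) return 'frameable';
    if (list.every((s) => s === "'self'")) return 'same-origin-only';
    return 'allow-listed';
  }

  // Fallback: X-Frame-Options. ALLOW-FROM is obsolete and ignored by current
  // browsers, so it gives no protection on its own.
  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return 'blocked';
  if (xfo === 'sameorigin') return 'same-origin-only';
  return 'frameable';
}

// Constructed sample responses for a login page.
const SAMPLES = {
  noHeaders: { 'Content-Type': 'text/html' },
  legacyDeny: { 'X-Frame-Options': 'DENY' },
  cspSelf: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  cspOverridesXfo: {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': 'frame-ancestors https://partner.example',
  },
  allowFrom: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
};

for (const [name, hdrs] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(16), '->', framingPolicy(hdrs));
}
```

A login page that comes back as `frameable` can be displayed inside another site's frame as in Example 1; `blocked` or `same-origin-only` is the result a site owner wants for such pages.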
So, beware of the various security vulnerabilities so that you can better protect your systems and data. Stay safe, stay secure.