> I was wondering, if it's possible to do XSS attacks through > frames? Say can one frame of a page access and modify stuff > on the other frame? Can the frameset document?
Yes, and yes. However, being able to have JavaScript in one frame manipulate the contents of another frame is not, by itself, an XSS attack. Typically, for an XSS attack to be successful, you'd have to trick a server-side script into accepting executable JavaScript within an input, and placing that JavaScript within a page viewed by someone else. If my browser contains a frameset, there's no attack using both frames that wouldn't work just as well with just one frame or the other. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229926 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
