CAPEC-587: Cross Frame Scripting (XFS)
This attack pattern combines malicious JavaScript and a legitimate webpage loaded into a concealed iframe. The malicious JavaScript is then able to interact with the legitimate webpage in a manner that is unknown to the user. This attack usually leverages some element of social engineering in that an attacker must convince a user to visit a web page that the attacker controls.
Overview
CAPEC-587 (Cross Frame Scripting (XFS)) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The user's browser must have vulnerabilities in its implementation of the same-origin policy, such that certain data in a loaded page is allowed to originate from different servers/domains.
Consequences
What a successful CAPEC-587 attack can achieve.
Read Data
Affects: Confidentiality
Cross Frame Scripting allows an adversary to steal sensitive data from a legitimate site.
How to mitigate it
Defenses that reduce the risk of CAPEC-587.
- Avoid clicking on untrusted links.
- Employ techniques such as frame busting, a method by which developers aim to prevent their site from being loaded within a frame.
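The frame-busting mitigation above, as an added example that is not part of the CAPEC entry or any MITRE code. It shows three defender-side pieces: a framing check of the kind a frame-busting script performs (`window.self !== window.top`), the response headers that make the browser itself refuse cross-origin framing (`X-Frame-Options` and the `Content-Security-Policy` `frame-ancestors` directive), and a checker that a scan of your own site's responses could use to confirm one of those headers is present. The window objects and header sets are constructed stand-ins so the code runs outside a browser; the function names are the example's own.

```javascript
// Added example (not from the CAPEC entry): defensive checks against a page
// being loaded inside a concealed iframe.

// 1. Frame-busting check. Written over a window-like object so it can run
//    without a DOM; in a page it would be called as frameBustingDecision(window),
//    and on "redirect-top" the page would set window.top.location to `target`.
function isFramed(win) {
  // A page is framed when its own window is not the top-level browsing context.
  return win.self !== win.top;
}

function frameBustingDecision(win) {
  if (!isFramed(win)) return { framed: false, action: "none" };
  // Classic frame busting: navigate the top-level window to this page's own URL.
  return { framed: true, action: "redirect-top", target: win.location.href };
}

// 2. Headers a server should send so the browser refuses to render the page in
//    a frame from another origin. X-Frame-Options is the legacy header and has no
//    multi-origin form; CSP frame-ancestors is the modern, more expressive one.
function antiFramingHeaders(allowedAncestors) {
  const headers = {};
  if (!allowedAncestors || allowedAncestors.length === 0) {
    headers["X-Frame-Options"] = "DENY";
    headers["Content-Security-Policy"] = "frame-ancestors 'none'";
    return headers;
  }
  if (allowedAncestors.length === 1 && allowedAncestors[0] === "'self'") {
    headers["X-Frame-Options"] = "SAMEORIGIN";
  }
  headers["Content-Security-Policy"] = "frame-ancestors " + allowedAncestors.join(" ");
  return headers;
}

// 3. Checker for your own responses: does this header set restrict framing?
function cspFrameAncestors(csp) {
  // Returns the frame-ancestors source list, or null if the directive is absent.
  for (const directive of csp.split(";")) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === "frame-ancestors") {
      return tokens.slice(1);
    }
  }
  return null;
}

function hasAntiFramingProtection(headers) {
  const xfo = (headers["X-Frame-Options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") return true;
  const sources = cspFrameAncestors(headers["Content-Security-Policy"] || "");
  // An empty or wildcard source list is conservatively treated as unprotected.
  return sources !== null && sources.length > 0 && !sources.includes("*");
}

// Constructed stand-ins for browser window objects (not real DOM objects).
const topLevelWindow = { location: { href: "https://bank.example/login" } };
topLevelWindow.self = topLevelWindow;
topLevelWindow.top = topLevelWindow;

const hostileOuterWindow = { location: { href: "https://attacker.example/" } };
const framedWindow = { location: { href: "https://bank.example/login" }, top: hostileOuterWindow };
framedWindow.self = framedWindow;

console.log(frameBustingDecision(topLevelWindow));  // { framed: false, action: "none" }
console.log(frameBustingDecision(framedWindow));    // redirect-top to the login URL
console.log(antiFramingHeaders([]));                // DENY + frame-ancestors 'none'
console.log(hasAntiFramingProtection({ "Content-Security-Policy": "frame-ancestors *" })); // false
```

Script-only frame busting runs inside the framed document and can be neutralised by an embedding page (for example via iframe sandboxing), so treat the JavaScript check as defence in depth and rely on the `frame-ancestors` / `X-Frame-Options` headers as the primary control.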
Examples
An adversary-controlled webpage contains malicious JavaScript and a concealed iframe containing a legitimate website login (i.e., the concealed iframe would make it appear as though the actual legitimate website was loaded). When the user interacts with the legitimate website in the iframe, the malicious JavaScript collects that sensitive information.