FrameJammer DOM based XSS

From: mkey@freemail.hu
To: bugtraq@securityfocus.com
Cc:
Subject: FrameJammer DOM based XSS
Date:


Software: FrameJammer
Author: Hal Pawluk
Software Description: FrameJammer is a small piece of JavaScript code that prevents framed pages from being opened outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension; nowadays web developers spread it by copy-paste.

Problem:
FrameJammer does not validate user input (window.location) and therefore contains a DOM-based XSS vulnerability.

PoC:
http://<url>?javascript:alert(123)~<frame-name>

I did not contact the author. His website is down and I do not have his contact information.
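
One way to validate this kind of input before it reaches a frame's location, as an added example that is not FrameJammer's code and not part of the original post. It assumes, from the PoC, that the query string has the form `<page>~<frame-name>`; `parseFrameTarget`, `allowedFrames` and the `example.test` host are hypothetical names.

```javascript
'use strict';
// Added example: defensive parsing of a "<page>~<frame-name>" query string.
// The format is inferred from the PoC; all names here are hypothetical.

const FRAME_NAME_RE = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Returns { href, frame } for a safe same-origin target, or null to reject.
function parseFrameTarget(search, baseHref, allowedFrames) {
  // Strip the leading "?" and split at the last "~": page first, frame second.
  const raw = search.startsWith('?') ? search.slice(1) : search;
  const sep = raw.lastIndexOf('~');
  if (sep <= 0) return null;

  let page;
  try {
    // Decode first so the checks below see the value that would be used.
    page = decodeURIComponent(raw.slice(0, sep));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  const frame = raw.slice(sep + 1);

  // The frame name must be a plain identifier the frameset actually defines.
  if (!FRAME_NAME_RE.test(frame) || !allowedFrames.includes(frame)) return null;

  // Resolve against the frameset's own URL, then inspect the parsed result
  // instead of pattern-matching the raw string.
  let base, url;
  try {
    base = new URL(baseHref);
    url = new URL(page, base);
  } catch (e) {
    return null;
  }

  // Only http(s) is allowed: javascript:, data: and other schemes are rejected.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Same-origin only, so the frameset cannot be pointed at another site.
  if (url.origin !== base.origin) return null;

  return { href: url.href, frame };
}
```

In a page, the caller would pass `window.location.search` and `window.location.href`, and assign the returned `href` to the named frame only when the result is not null.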




