1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

is iframe vulnerability or not ?

Discussion in 'Web Design, HTML And CSS' started by kylexy, May 20, 2012.

  1. kylexy

    kylexy New Member

    Joined:
    Feb 21, 2012
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    0
    hey guys... i'm in need for some help here
    i found this website with a php index page, and there's a mysql database behind it
    there's a search box in it and i tried some script but it didn't work , but i was able to make an iframe and i could see the square 200x200 on screen
    i mean, now that i can use iframe in this site, what can i do with it /?
    i mean so is this some kind of a vulnerability ? and if so, what can i do to this site
    i swear i have no black intentions, just testing my skills
     
  2. Alex.Gabriel

    Alex.Gabriel New Member

    Joined:
    Oct 23, 2011
    Messages:
    86
    Likes Received:
    7
    Trophy Points:
    0
    Occupation:
    Linux system administrator
    Location:
    Italy
    Home Page:
    You can iframe even google's search engine. If the IFramed part of that website does not contain/lead to any viruses is ok. If you want to use that search form , you can make a form in your website and post to that form then depending on how that form returns answers you can use an iframe or some code to retrieve results.
     
  3. kylexy

    kylexy New Member

    Joined:
    Feb 21, 2012
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    0
    ... thanx Alex.Gabriel
    if i may ask you sth else... what about the site's database ?
    i mean, how can i get to it, sql statements i tried gave me some weird output, i have no idea what kind of query that developer wrote, but i was able to get the full path of query-processor file inside server
    what should i learn to dump the database ?
     
  4. Alex.Gabriel

    Alex.Gabriel New Member

    Joined:
    Oct 23, 2011
    Messages:
    86
    Likes Received:
    7
    Trophy Points:
    0
    Occupation:
    Linux system administrator
    Location:
    Italy
    Home Page:
    You cant dump database if you don't have access to phpmyadmin(with user/password) or to an internal file writen with database info / login password/ database. If you have access to these info you can easily export database tables
     

Share This Page