Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Web Design, HTML And CSS Forums (http://www.go4expert.com/forums/web-design-forum/)
-   -   is iframe vulnerability or not ? (http://www.go4expert.com/forums/iframe-vulnerability-t28414/)

kylexy 20May2012 16:58

is iframe vulnerability or not ?
 
hey guys... i'm in need for some help here
i found this website with a php index page, and there's a mysql database behind it
there's a search box in it and i tried some script but it didn't work , but i was able to make an iframe and i could see the square 200x200 on screen
i mean, now that i can use iframe in this site, what can i do with it /?
i mean so is this some kind of a vulnerability ? and if so, what can i do to this site
i swear i have no black intentions, just testing my skills

Alex.Gabriel 20May2012 19:10

Re: is iframe vulnerability or not ?
 
You can iframe even google's search engine. If the IFramed part of that website does not contain/lead to any viruses is ok. If you want to use that search form , you can make a form in your website and post to that form then depending on how that form returns answers you can use an iframe or some code to retrieve results.

kylexy 21May2012 01:24

Re: is iframe vulnerability or not ?
 
... thanx Alex.Gabriel
if i may ask you sth else... what about the site's database ?
i mean, how can i get to it, sql statements i tried gave me some weird output, i have no idea what kind of query that developer wrote, but i was able to get the full path of query-processor file inside server
what should i learn to dump the database ?

Alex.Gabriel 21May2012 01:40

Re: is iframe vulnerability or not ?
 
You cant dump database if you don't have access to phpmyadmin(with user/password) or to an internal file writen with database info / login password/ database. If you have access to these info you can easily export database tables


All times are GMT +5.5. The time now is 01:36.