Conventionally, you are not allowed to play around with the contents of an iframe of external url with javascript. But with the use of javascript injections, you can do it very easily.
For example, you want to modify the values of text fields in the web page open in an iframe, but the web page is from an external url. What you would have tried first would have been:
But this does not work when you open the web page in a browser. So what to do? Let’s explore the possibilities of doing this with JavaScript Injections.
We know that we have the full permissions to modify the url of an iframe. So what we do is,
And viola! The username is changed!
Applications:
Possible applications of such injections are:
Examples: Anything else you can imagine of!
For example, you want to modify the values of text fields in the web page open in an iframe, but the web page is from an external url. What you would have tried first would have been:
But this does not work when you open the web page in a browser. So what to do? Let’s explore the possibilities of doing this with JavaScript Injections.
We know that we have the full permissions to modify the url of an iframe. So what we do is,
And viola! The username is changed!
Applications:
Possible applications of such injections are:
- Automatic form filling Modifying the contents of iframe with
- Automatic login by using
- Automatic posting/commenting on sites like facebook, wordpress blogs, etc.
- Or you can go further and insert a full javascript file into the external web page with:
Examples: Anything else you can imagine of!