| 词条 | Frame injection |
| 释义 |
A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser.[1] This attack is caused by Internet Explorer not checking the destination of the resulting frame,[2] therefore allowing arbitrary code such as Javascript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input.[3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input.[4] References1. ^{{cite web|url=http://secunia.com/advisories/11966/ |title=Internet Explorer Frame Injection Vulnerability |work= Vulnerability Intelligence |publisher=Secunia Advisories |date= |accessdate=2008-09-13}} 2. ^{{cite web|url=http://www.microsoft.com/technet/security/bulletin/ms98-020.mspx |title=Microsoft Security Bulletin (MS98-020) |publisher=Microsoft Corporation |date= |accessdate=2008-09-13}} 3. ^{{cite web|url=http://www.owasp.org/index.php/Cross_Frame_Scripting |title=Cross Frame Scripting - OWASP |publisher=OWASP |date= |accessdate=2008-09-13}} 4. ^{{cite web|url=http://secunia.com/cve_reference/CVE-2004-0719/ |archiveurl=https://web.archive.org/web/20071219181848/http://secunia.com/cve_reference/CVE-2004-0719/ |archivedate=2007-12-19 |title=Secunia Advisory|publisher=Secunia |date= |accessdate=2008-09-13}} External links
3 : Injection exploits|Hacking (computer security)|Computer security exploits |
| 随便看 |
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。