Check for know iframeBuster XSS
- Original issue discovred by myself: https://seclists.org/fulldisclosure/2017/Dec/68
- Couple of day after, google warn user: https://support.google.com/admanager/answer/7622991
- Article: https://www.securityweek.com/google-warns-doubleclick-customers-xss-flaws
A couple of month later:
- https://randywestergren.com/xss-vulnerabilities-in-multiple-iframe-busters-affecting-top-tier-sites/
- https://blog.detectify.com/2018/10/04/iframe-busters-lead-to-xss/
Today:
- Still nothing to detect them ?
$ gem install faraday
$ gem install logger
$ gem install optparse
$ git clone https://github.com/tr4l/iframeBusterXSS.git
$ ./check.rb -r http://perdu.com/
If you use that succesfully for your pentest work and/or bug bounty with monetary rewards, this is mandatory to pay me a beer at the next event we will be together.