Description

In an iFrame overlay attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from seemingly completely different system.

Attack Execution Flow

3

1

Step 1

Explore

[Craft an iFrame Overlay page] The adversary crafts a malicious iFrame overlay page.
The adversary leverages iFrame overlay capabilities to craft a malicious iFrame overlay page.

Attack Techniques

The adversary leverages iFrame overlay capabilities to craft a malicious iFrame overlay page.

2

Step 2

Exploit

[adversary tricks victim to load the iFrame overlay page] adversary utilizes some form of temptation, misdirection or coercion to trick the victim to loading and interacting with the iFrame overlay page in a way that increases the chances that the victim will visit the malicious page.
Trick the victim to the malicious site by sending the victim an e-mail with a URL to the site.
Trick the victim to the malicious site by manipulating URLs on a site trusted by the victim.
Trick the victim to the malicious site through a cross-site scripting attack.

Attack Techniques

Trick the victim to the malicious site by manipulating URLs on a site trusted by the victim.
Trick the victim to the malicious site by sending the victim an e-mail with a URL to the site.
IT: Inganna la vittima facendola visitare il sito malevolo manipolando gli URL su un sito di cui si fida.
Trick the victim to the malicious site through a cross-site scripting attack.
IT: Inganna la vittima facendola visitare il sito malevolo manipolando gli URL su un sito di cui si fida.

3

Step 3

Exploit

[Trick victim into interacting with the iFrame overlay page in the desired manner] The adversary tricks the victim into clicking on the areas of the UI which contain the hidden action controls and thereby interacts with the target system maliciously with the victim's level of privilege.
Hide action controls over very commonly used functionality.
Hide action controls over very psychologically tempting content.

Attack Techniques

Hide action controls over very commonly used functionality.
Hide action controls over very psychologically tempting content.
IT: Nascondi i controlli delle azioni su funzionalità molto comunemente utilizzate.

Mitigations

3

Consequences

Security Scopes Affected

Access Control Accountability Authentication Authorization Confidentiality Integrity Non-Repudiation

Potential Impacts

Bypass Protection Mechanism Execute Unauthorized Commands Gain Privileges Modify Data Read Data

Relationships

Resources Required

1

CAPEC 222 iFrame Overlay

Description

Attack Execution Flow

Step 1

Attack Techniques

Step 2

Attack Techniques

Step 3

Attack Techniques

Mitigations

Configuration: Disable Iframes In The Web Browser.

Operation: If Using The Firefox Browser, Use The Noscript Plug-In That Will Help Forbid Iframes.

Operation: When Maintaining An Authenticated Session With A Privileged Target System, Do Not Use The Same Browser To Navigate To Unfamiliar Sites To Perform Other Activities. Finish Working With The Target System And Logout First Before Proceeding To Other Tasks.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Resources Required

CAPEC 222 iFrame Overlay

Description

Attack Execution Flow

Step 1

Attack Techniques

Step 2

Attack Techniques

Step 3

Attack Techniques

Mitigations

Configuration: Disable Iframes In The Web Browser.

Operation: If Using The Firefox Browser, Use The Noscript Plug-In That Will Help Forbid Iframes.

Operation: When Maintaining An Authenticated Session With A Privileged Target System, Do Not Use The Same Browser To Navigate To Unfamiliar Sites To Perform Other Activities. Finish Working With The Target System And Logout First Before Proceeding To Other Tasks.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Resources Required

Iscriviti alla newsletter