Check for known iframeBuster XSS
- Original issue discovered by myself: https://seclists.org/fulldisclosure/2017/Dec/68
- A couple of days later, Google warned users: https://support.google.com/admanager/answer/7622991
- Article: https://www.securityweek.com/google-warns-doubleclick-customers-xss-flaws
A couple of months later:
- Still nothing to detect them?
$ gem install faraday
$ gem install logger
$ gem install optparse
$ git clone https://github.com/tr4l/iframeBusterXSS.git
$ ./check.rb -r http://perdu.com/
If you use this successfully for your pentest work and/or bug bounties with monetary rewards, it is mandatory to buy me a beer at the next event we both attend.