Properties are accessible in a sandboxed iframe
This vector attempts to see which properties are available on the parent window of a sandboxed iframe.
Created by: Gareth Heyes
Created on: 6/7/2024, 7:41:00 PM
Updated on: 6/25/2024, 3:50:28 AM
Vector type: JS
Code used before fuzz:
const props = Object.getOwnPropertyNames(window);
for(const prop in document){
try{
props.push(prop);
} catch{}
}
props.forEach(prop => {
try {
if(typeof parent[prop] !== 'undefined') {
log(prop);
}
} catch{}
})
Template used:
1337
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Fuzz results
![Chrome logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fchrome.png&w=64&q=75)
Chrome 125.0.0.0 desktop macOS 10.15.7
Found 13 results
Data |
---|
blur |
Data |
---|
close |
Data |
---|
closed |
Data |
---|
focus |
Data |
---|
frames |
Data |
---|
length |
Data |
---|
location |
Data |
---|
opener |
Data |
---|
parent |
Data |
---|
postMessage |
Data |
---|
self |
Data |
---|
top |
Data |
---|
window |
![Firefox logo](/_next/image?url=%2Flogos%2Fbrowsers%2Ffirefox.png&w=64&q=75)
Firefox 126.0 desktop macOS 10.15
Found 13 results
Data |
---|
blur |
Data |
---|
close |
Data |
---|
closed |
Data |
---|
focus |
Data |
---|
frames |
Data |
---|
length |
Data |
---|
location |
Data |
---|
opener |
Data |
---|
parent |
Data |
---|
postMessage |
Data |
---|
self |
Data |
---|
top |
Data |
---|
window |
![Safari logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fsafari.png&w=64&q=75)
Safari 17.5 desktop macOS 10.15.7
Found 13 results
Data |
---|
blur |
Data |
---|
close |
Data |
---|
closed |
Data |
---|
focus |
Data |
---|
frames |
Data |
---|
length |
Data |
---|
location |
Data |
---|
opener |
Data |
---|
parent |
Data |
---|
postMessage |
Data |
---|
self |
Data |
---|
top |
Data |
---|
window |