Properties are accessible in a sandboxed iframe

This vector attempts to see which properties are available on the parent window of a sandboxed iframe.

Created by: hackvertor

Created on: Friday, June 7, 2024 at 7:41:00 PM

Updated on: Wednesday, March 19, 2025 at 10:48:44 PM

Vector type: JS

Vector charset: UTF-8

Code used before fuzz:

const props = Object.getOwnPropertyNames(window);
for(const prop in document){
  try{
       props.push(prop);
  } catch{}
}
props.forEach(prop => {
    try {
         if(typeof parent[prop] !== 'undefined') {
             log(prop);
          }
    } catch{}
})

Template used:
1337

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

1337

Fuzz results

Chrome 125.0.0.0 desktop macOS 10.15.7

Updated

Fri Jun 07 2024

Found 13 results

Show differences only?

Filter out alphanumeric

Sort ascending

Firefox 126.0 desktop macOS 10.15

Updated

Fri Jun 07 2024

Found 13 results

Show differences only?

Filter out alphanumeric

Sort ascending

Safari 17.5 desktop macOS 10.15.7

Updated

Fri Jun 07 2024

Found 13 results

Show differences only?

Filter out alphanumeric

Sort ascending