Properties are accessible in a sandboxed iframe
This vector attempts to see which properties are available on the parent window of a sandboxed iframe.
Created by: Gareth Heyes
Created on: 6/7/2024, 7:41:00 PM
Updated on: 6/25/2024, 3:50:28 AM
Vector type: JS
Code used before fuzz:
const props = Object.getOwnPropertyNames(window);
for(const prop in document){
try{
props.push(prop);
} catch{}
}
props.forEach(prop => {
try {
if(typeof parent[prop] !== 'undefined') {
log(prop);
}
} catch{}
})Template used:
1337
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Fuzz results
Chrome 125.0.0.0 desktop macOS 10.15.7
Found 13 results
| Data |
|---|
| blur |
| Data |
|---|
| close |
| Data |
|---|
| closed |
| Data |
|---|
| focus |
| Data |
|---|
| frames |
| Data |
|---|
| length |
| Data |
|---|
| location |
| Data |
|---|
| opener |
| Data |
|---|
| parent |
| Data |
|---|
| postMessage |
| Data |
|---|
| self |
| Data |
|---|
| top |
| Data |
|---|
| window |
Firefox 126.0 desktop macOS 10.15
Found 13 results
| Data |
|---|
| blur |
| Data |
|---|
| close |
| Data |
|---|
| closed |
| Data |
|---|
| focus |
| Data |
|---|
| frames |
| Data |
|---|
| length |
| Data |
|---|
| location |
| Data |
|---|
| opener |
| Data |
|---|
| parent |
| Data |
|---|
| postMessage |
| Data |
|---|
| self |
| Data |
|---|
| top |
| Data |
|---|
| window |
Safari 17.5 desktop macOS 10.15.7
Found 13 results
| Data |
|---|
| blur |
| Data |
|---|
| close |
| Data |
|---|
| closed |
| Data |
|---|
| focus |
| Data |
|---|
| frames |
| Data |
|---|
| length |
| Data |
|---|
| location |
| Data |
|---|
| opener |
| Data |
|---|
| parent |
| Data |
|---|
| postMessage |
| Data |
|---|
| self |
| Data |
|---|
| top |
| Data |
|---|
| window |