Properties are accessible in a sandboxed iframe

This vector attempts to see which properties are available on the parent window of a sandboxed iframe.

Created by: Gareth Heyes

Created on: 6/7/2024, 7:41:00 PM

Updated on: 6/12/2024, 9:56:20 PM

Vector type: JS

Code used before fuzz:
const props = Object.getOwnPropertyNames(window);
for(const prop in document){
  try{
       props.push(prop);
  } catch{}
}
props.forEach(prop => {
    try {
         if(typeof parent[prop] !== 'undefined') {
             log(prop);
          }
    } catch{}
})
Template used:
1337
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Fuzz results

Chrome logo
Chrome 125.0.0.0 desktop macOS 10.15.7
Found 13 results
Data
blur
Data
close
Data
closed
Data
focus
Data
frames
Data
length
Data
location
Data
opener
Data
parent
Data
postMessage
Data
self
Data
top
Data
window
Firefox logo
Firefox 126.0 desktop macOS 10.15
Found 13 results
Data
blur
Data
close
Data
closed
Data
focus
Data
frames
Data
length
Data
location
Data
opener
Data
parent
Data
postMessage
Data
self
Data
top
Data
window
Safari logo
Safari 17.5 desktop macOS 10.15.7
Found 13 results
Data
blur
Data
close
Data
closed
Data
focus
Data
frames
Data
length
Data
location
Data
opener
Data
parent
Data
postMessage
Data
self
Data
top
Data
window