101 Articles XSS and Iframes
XSS AND IFRAMES
XSS:
XSS stands for Cross-Site Scripting which is a type of computer security vulnerability found in web applications that enables spammers, hackers and other attackers to inject client side script into webpages viewed by other web surfers. It is generally used by attackers to bypass access controls. Usually websites that contains security vulnerabilities to the extent of 80% are common victims and attackers tend to attack them with XSS. Such kind of an attack is also termed as XSS attack. The degree or influence of the attack largely varies depending upon the nature of the attack. It can range from a simple nuisance to create unnecessary issues for the website owner to a significant risk depending upon the sensitivity of data handled by that particular vulnerable website. It also depends upon the nature of mitigation employed by the site's owner as well.
There are two kinds of cross-site scripting when it comes to XSS. These two kinds are predominantly termed as persistent and non-persistent
Non persistent:
It is a cross-site scripting vulnerability which is by far the most common type deployed. These vulnerabilities are exposed when a client side data posted in the form of HTTP query parameters or HTML form submission is used by the server side script to generate a page of results for that particular user or client without analyzing or sanitizing the request.
This will particularly lead to markup injection in further course. A typical example for such a procedure would be when the client searches for a string, the search string will be redisplayed in the result page to indicate what was searched for. If this response does not escape or reject HTML control characters, a cross-site scripting flaw will ensure. The reflected attack is then delivered via e-mail or a neutral website. The bait is the innocent looking URL pointing to a trusted site but contains the XSS vector.
Persistent:
It is a more devastating variant of cross-site scripting flaw. It happens when the data provided by the user is permanently saved on the server side and displayed on the particular web pages that are displayed to other genuine normal web users. The attacker's malicious script is rendered automatically. The same code also has the property to self propagate across accounts creating a type of client side worm. The methods of injection can vary in great deal. This kind of injection enables the attacker to retrieve sensitive data that pertains to the website which is now under the control of the attacker and he can exploit it in any way he wants.
XSS, redirects and SEO:
Google PageRank factor works in such a way that more the number of people linking to your website the better it is for your website's rank. It is probably one of the biggest reasons why people tend to turn to using both XSS and redirection attacks.
XSS allows you to put HTML content on the webpage. The main functionality of Google Bots is to surf the internet in an attempt to find quality links to your domain in order to calculate how relevant your website turns out to be. Each link identified is taken as a vote. Some votes are given more points than other votes primarily because of the reputation of that particular websites that has linked to yours. Backlinks play a crucial factor when it comes deciding the fate of the website. Search engine algorithms give heavy considerations for backlinks and keywords while carrying out an assessment for a particular website and then rank it accordingly. Hence, the more backlinks you have got for your website, the more chances for you to be ranked higher which gives you that window of opportunity to be listed among the top 10 websites in the result sets pertaining to a search phrase or a keyword.
The attackers, spammers and other hackers essentially make use of XSS attacks to gather details from very well reputed websites and other websites containing security vulnerabilities in order to create backlinks with them for the betterment of their websites. If the URL or link of your website is listed on a very well respected domain your website is bound to be ranked higher. This technique is also known as redirection attack. All you need to do is find a hundred really well respected domains that had XSS issues and voila, once you have indexed your webpages, you would also achieve much higher PageRank for every webpage. This is what spammers, attackers and other hackers essentially do.
When it comes to relation between XSS and SEO strategies, people predominantly concentrate upon redirection attacks and not XSS stored attacks. The whole purpose behind the attack is to get more backlinks for one's website in order to increase its popularity and its rankings respectively. And these redirect attacks does not take post parameters to attack bur rather URL only. This makes it easier to get Google and other famous search engines to spider the domain with your custom URL. XSS stored attacks are even more predominant and difficult to detect as they employ automated and dynamic tools for attacking without leaving behind traces or tracks.
The most effective way is to set up Googlebot like robots that scowered the page looking for your link in valid HTML syntax. This process is definitely possible in order to index webpages and get a higher ranking by creating fake backlinks for that particular website. Though it looks pretty complicated and the person has to shed in more time and space along with good technical skills, it is pretty much possible which makes it even more difficult for search engines to identify and rectify the issues. Certainly this would become a super power SEO tool for manipulating search engines to get better rankings.
Malicious programmers such as spammers, hackers etc spread malware by exploiting XSS vulnerabilities on high profile websites. In order to be more specific, they inject IFRAMES which loads malicious contents from different IP sources around the world. This particular search engine optimization strategy is applied websites with high PageRank factor. Subsequently they also attract millions of innocent web users who unwittingly click the indexed trap links in search engines while searching for particular information or a product that constitutes the search phrase or a keyword. Thus they too get affected by malware, spyware and other adware.
IFRAMES and SEO:
IFRAME stands for Inline Frame which is an HTML element that allows embedding another HTML document inside the main one. Off late it has become one of the most popular ways to embed interactive and multimedia content inside the block of a text.
The content of the IFRAME is not considered as a part of the parent page.
The page within the IFRAME maybe crawled and indexed
Screen radar will turn the iFrame into a link to the source page.
Links within iFrame are quite accessible.
In order to make it accessible, include a text description within the iFrame.
The text description works well for those who have disabled frames.
Make use of scrolling attribute to make it more accessible.
From Search Engine Optimization point of view, the use of iFrames is very problematic for several reasons.
The search engines will normally link to the iFrames pages itself instead of the master webpage. This abrupt site navigation. It does not become optimal for gaining the attention of spiders or visitors.
You are also displaying the contents of another webpage via iFrame concept and thus you have no control over the information displayed there if you are linking to an external web page. As a result the contents are dynamic and keep changing as per the webpage's owner and modifications instilled in them. Search engines will also notice that you are making use of another site's contents and thus it will not impact your site's ranking based upon that particular content.
Also some users turn off the IFRAME element in the advanced settings because of the security issues it posts.
If too many sites make use of the same iFrame element, search engines consider this as duplicate content which might even render a ban to your website.
What an attacker or a spammer eventually does is attack a particular vulnerable website, incorporate codes using iFrame element to affect that particular site's, redirect the traffic to his site to make his site gain popularity.
Due to the large amount of backlinks generated using iFrame codes, the site is most likely to be ranked higher by search engines creating issues and headaches for several genuine websites, SEO firms and other web developing firms.
Also they amalgamate the efficiency of search engines by defeating its sole purpose. As an expert I have come across several scenarios wherein 6 of the top 10 result sets pertaining to various search phrases or keywords belong to a poor site that hardly provides any information or no information at all.
Also millions of web users are not tech savvy. Not everyone understands the importance of blocking frames and other filtration techniques. Also a general sense of awareness about how these spammers, hackers and other attackers break into your system and spoil it is not present among the common public.
Spammers and other attackers inject iFrame codes into high ranked and reputed websites to bring down its rankings and at the same time cheat people by making them click on indexed trap links in search engines while they search for information using these popular search engines and consequently get affected by malware, adware and spyware.
Solutions for handling the vulnerabilities:
Convert all applicable characters to HTML entities in the source code.
Manually review the codes instead using automated software's.
Protect visitor's privacy and security of those who visit your page. Earn their trust and faith.
Make use of HTML functions such as htmlspecialchars (), htmlentities ().
 |
Screen Shots |
 |
Graph |
According to the pie chart, there is about 12.58% of XSS spamming on the web with the other ways of spamming being Banking Trojan, DNS Hijacking and many more.
 |
Working Examples |
 |
References |
 |
Other sites that refer to the same manipulation tactic are as follows |