The exploit involves two HTML pages. The first sets window.name and opens the second page. The second contains an iframe pointing to the target sandbox origin, listens for messages from the exploited iframe, and uses window.open(url, "Baymax") to navigate the original window to the AI platform URL with a crafted query parameter, which triggers loading of the sandboxed iframe. The script then continuously sends malicious start-received messages to the iframe, injecting JavaScript that signals success back and periodically exfiltrates content from all frames.
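
A defensive counterpart to the message flow above, as an added example that is not from the original write-up: a receiver-side check the sandboxed frame could apply before acting on a start-received message. The allowlisted origin, the `content` field, the `#output` element and the function name are assumptions.

```javascript
// Added example (not the platform's code). Origin, message shape and names are assumed.
const TRUSTED_PARENT_ORIGINS = new Set(["https://app.example"]); // placeholder origin

// Returns { ok: true, content } only for a message that passes every check.
function validateMessage(event, expectedSource) {
  // 1. Exact-match origin allowlist; no substring, prefix or regex comparison.
  if (!TRUSTED_PARENT_ORIGINS.has(event.origin)) {
    return { ok: false, reason: "origin" };
  }
  // 2. The sender must be the window this frame expects to hear from,
  //    not any other window that happens to hold a reference to it.
  if (event.source !== expectedSource) {
    return { ok: false, reason: "source" };
  }
  // 3. The payload must be a plain object carrying the expected type.
  const d = event.data;
  if (d === null || typeof d !== "object" || Array.isArray(d)) {
    return { ok: false, reason: "shape" };
  }
  if (d.type !== "start-received") {
    return { ok: false, reason: "type" };
  }
  // 4. Content is inert data: a bounded string, never code to evaluate.
  if (typeof d.content !== "string" || d.content.length > 10000) {
    return { ok: false, reason: "content" };
  }
  return { ok: true, content: d.content };
}

// Browser wiring (skipped outside a browser so the file also runs under Node).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  window.addEventListener("message", (event) => {
    const result = validateMessage(event, window.parent);
    if (!result.ok) return; // drop silently; log result.reason for detection
    // textContent keeps the payload as text, so markup in it is not parsed.
    document.querySelector("#output").textContent = result.content;
  });
}
```

With this check, a page on another origin that embeds the frame and posts start-received messages is rejected at step 1, regardless of what the payload contains.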
Read the full article at InfoSec Write-ups - Medium





