> For the complete documentation index, see [llms.txt](https://hacktricks.xsx.tw/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://hacktricks.xsx.tw/pentesting-web/postmessage-vulnerabilities/steal-postmessage-modifying-iframe-location.md).
# Steal postmessage modifying iframe location
从零开始学习 AWS 黑客技术,成为专家 htARTE(HackTricks AWS 红队专家)!
* 您在**网络安全公司**工作吗? 想要在 HackTricks 中看到您的**公司广告**? 或者想要访问**PEASS 的最新版本或下载 HackTricks 的 PDF**? 请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 发现我们的独家[NFTs 集合](https://opensea.io/collection/the-peass-family) - [**The PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获取[**官方 PEASS & HackTricks 商品**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord 群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或在 **Twitter** 上关注我 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* **通过向** [**hacktricks 仓库**](https://github.com/carlospolop/hacktricks) **和** [**hacktricks-cloud 仓库**](https://github.com/carlospolop/hacktricks-cloud) **提交 PR 来分享您的黑客技巧**。
## 更改子 iframe 位置
根据[**这篇文章**](https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/),如果您可以在没有 X-Frame-Header 的网页中嵌入包含另一个 iframe 的网页,您可以**更改该子 iframe 的位置**。
例如,如果 abc.com 将 efg.com 作为 iframe,并且 abc.com 没有 X-Frame 头,我可以使用 **`frames.location`** 将 efg.com 更改为恶意网站 evil.com,跨源。
这在**postMessages**中特别有用,因为如果页面使用类似 `windowRef.postmessage("","*")` 这样的**通配符**发送敏感数据,就有可能**更改相关 iframe(子级或父级)的位置到攻击者控制的位置**,从而窃取这些数据。
```html
```
从零开始学习AWS黑客技术,成为专家 htARTE(HackTricks AWS Red Team Expert)!
* 你在**网络安全公司**工作吗?想要看到你的**公司在HackTricks上宣传**吗?或者想要获取**PEASS的最新版本或下载HackTricks的PDF**吗?查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family),我们独家的[**NFTs**](https://opensea.io/collection/the-peass-family)
* 获取[**官方PEASS & HackTricks周边**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我的**Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* **通过向**[**hacktricks仓库**](https://github.com/carlospolop/hacktricks)**和**[**hacktricks-cloud仓库**](https://github.com/carlospolop/hacktricks-cloud)**提交PR来分享你的黑客技巧**。
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://hacktricks.xsx.tw/pentesting-web/postmessage-vulnerabilities/steal-postmessage-modifying-iframe-location.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.