tr4l / iframeBusterXSS

Check for known iframeBuster XSS

[Help] Atlas & doubleclick #2

Open random-robbie opened 5 years ago

random-robbie commented 5 years ago

Hey,

Do you have any examples for the Atlas and DoubleClick PoCs at all?

tr4l commented 5 years ago

The only iframe I found for Atlas only contains a script: http://rmd.atdmt.com/tl/newIframeScript.js The domain name doesn't resolve on my side, and it is hosted on HTTP (that means the iframe should also be on HTTP to work with modern browsers).

For DoubleClick, there are several iframes.

I played a lot with the DARTIframe.html one, and I think it may be possible to make a race XSS (some more tips at https://seclists.org/fulldisclosure/2019/Jun/48). I haven't looked at the other one.

random-robbie commented 5 years ago

Thank you very much for that! 👍 I'll continue to look.