# SOME - Same Origin Method Execution
## Same Origin Method Execution
There are cases where you can execute only limited JavaScript in a page, for example when you can [**control a callback value that will be executed**](./#javascript-function).

In those cases, one of the best things you can do is **access the DOM to call whatever sensitive action** you can find there (such as clicking a button). However, this vulnerability is usually found in **small endpoints with nothing interesting in the DOM**.

In those scenarios this attack is very useful, because it lets you **abuse the limited JS execution inside the DOM of a different page on the same domain**.

Basically, the attack flow is the following:
* Find a **callback that you can abuse** (potentially limited to \[\w\\.\_]).
  * If it is not limited and you can execute any JS, you can simply abuse it as a regular XSS.
* Make the **victim open a page controlled by the attacker.**
* The **page opens itself in a different window** (the new window has an **`opener`** object referencing the initial window).
* The **initial page** loads the **page** where the **interesting DOM** is located.
* The **second page** loads the **vulnerable page, abusing the callback**, and uses the **`opener`** object to **access and execute some action in the initial page** (which now contains the interesting DOM).
{% hint style="danger" %}
Note that even if the initial page navigates to a new URL after creating the second page, **the second page's `opener` object is still a valid reference to the first page in its new DOM**.

Moreover, for the second page to be able to use the `opener` object, **both pages must be on the same origin**. This is why, to abuse this vulnerability, you need to find some kind of **XSS on the same origin**.
{% endhint %}
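
The character-set restriction mentioned in the attack flow does not stop this technique, because a dotted path through `opener` uses only those characters. As an added example (not from the original page; the allowlist names and sample values are constructed), this contrasts a charset-only callback check with an allowlist check and classifies rejected values for log triage:

```javascript
// Added example: JSONP-style callback validation, defender side.
// ALLOWED_CALLBACKS and all sample values are constructed for illustration.

// Weak check: only restricts the character set, as in the [\w\._] case above.
const CHARSET_ONLY = /^[\w.]+$/;

// Hardened check: a bare identifier (no dots) that is also on an explicit allowlist.
const BARE_IDENTIFIER = /^[A-Za-z_$][\w$]{0,63}$/;
const ALLOWED_CALLBACKS = new Set(["handleProfile", "renderResults"]);

function weakCheck(cb) {
  return typeof cb === "string" && CHARSET_ONLY.test(cb);
}

function strictCheck(cb) {
  return typeof cb === "string" && BARE_IDENTIFIER.test(cb) && ALLOWED_CALLBACKS.has(cb);
}

// Roots that let a callback reach into another same-origin document.
const WINDOW_ROOTS = new Set(["opener", "parent", "top", "frames", "window", "self", "document"]);

// Classify a callback value seen in a request, e.g. when reviewing access logs.
function classifyCallback(cb) {
  if (strictCheck(cb)) return "allowed";
  if (!weakCheck(cb)) return "rejected-charset";
  const root = cb.split(".")[0];
  return WINDOW_ROOTS.has(root) ? "suspicious-window-reference" : "rejected-not-allowlisted";
}

// Constructed sample values.
const samples = [
  "handleProfile",
  "opener.document.body.firstElementChild.click",
  "someOtherFn",
  "alert(1)",
];
for (const s of samples) {
  console.log(s.padEnd(46), "weak:", weakCheck(s), "strict:", strictCheck(s), classifyCallback(s));
}
```

The dotted `opener` path passes the charset-only check and is rejected only by the allowlist check.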
### Exploitation
* You can use this form to **generate a PoC to exploit this type of vulnerability**: [https://www.someattack.com/Playground/SOMEGenerator](https://www.someattack.com/Playground/SOMEGenerator)
* To find the DOM path to an HTML element by clicking on it, you can use this browser extension: [https://www.someattack.com/Playground/targeting\_tool](https://www.someattack.com/Playground/targeting\_tool)
### Example
* You can find a vulnerable example at [https://www.someattack.com/Playground/](https://www.someattack.com/Playground/).
  * Note that in this example the server is **generating JavaScript code** and **adding** it to the HTML **based on the content of the callback parameter**, which is why you don't need to indicate the use of `opener` explicitly in this example.
* Also check this CTF writeup: [https://ctftime.org/writeup/36068](https://ctftime.org/writeup/36068)