Thursday, March 17, 2011

Yet Another ClickJacking Attempt!

Hi folks,
yet another quick 'n dirty post on ClickJacking attempts, kept for my own records. If you are interested in ClickJacking techniques, I strongly suggest this reading (Frightened by Links, Franco Callegati and Marco Ramilli).

The following image shows another great ClickJacking attempt, found at http://japan20111.tk.



As you can see, a little iframe is loaded in the top left corner ;). It includes a main.php (which unfortunately has now been removed) that is (was) able to load uncontrolled content. The front end looks like a YouTube page (http://japan20111.tk/widget.php).



And an external JavaScript is loaded.


Easy but effective, like every ClickJacking attempt is... For a more complete ClickJacking analysis: here and here
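
A triage check for the two indicators described in this post (a tiny iframe pinned to a corner and a script pulled from another host), as an added example that is not code from the original page. The sample markup, every host name in it, and the 40px and 0.1 thresholds are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the post's description (small iframe in the
# top-left corner plus an external script); it is not the real page source.
SAMPLE = """<iframe src="main.php" width="20" height="20"
        style="position:absolute; top:0; left:0; opacity:0.01"></iframe>
<iframe src="https://video.example/embed/1" width="640" height="360"></iframe>
<script src="http://cdn.example.net/w.js"></script>
<script src="/static/site.js"></script>"""

def css(style):
    # Inline style attribute -> {property: value}
    pairs = (d.split(":", 1) for d in (style or "").split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def num(value):
    # '20', '20px' or '0.01' -> float; percentages and missing values -> None
    m = re.match(r"\s*(\d*\.?\d+)\s*(?:px)?\s*$", value or "")
    return float(m.group(1)) if m else None

def frame_reasons(attrs, max_px=40):
    # Clickjacking indicators on one <iframe>; max_px is an assumed threshold.
    style, why = css(attrs.get("style")), []
    for dim in ("width", "height"):
        size = num(style.get(dim) or attrs.get(dim))
        if size is not None and size <= max_px:
            why.append("tiny " + dim)
    opacity = num(style.get("opacity"))
    if opacity is not None and opacity < 0.1:
        why.append("near-transparent")
    if why and style.get("position") in ("absolute", "fixed"):
        why.append("positioned overlay")
    return why

class Audit(HTMLParser):
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "iframe" and frame_reasons(a):
            self.findings.append(("iframe", src, frame_reasons(a)))
        elif tag == "script" and urlparse(src).hostname not in (None, self.page_host):
            self.findings.append(("script", src, ["third-party host"]))

def audit(html, page_host):
    parser = Audit()
    parser.page_host, parser.findings = page_host, []
    parser.feed(html)
    return parser.findings
```

Calling `audit(SAMPLE, "site.example")` returns one finding for the small transparent iframe and one for the off-site script; the normally sized video iframe and the same-origin script are not reported. It only inspects static attributes and inline styles, so frames sized or hidden by a stylesheet or by script need a rendered-DOM check instead.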

3 comments:

muebles en cuenca said...

It will not succeed in reality, that's exactly what I think.

ethical hacking workshops said...

Certified Ethical Hacker CEH training is held at TechBharat Consulting using official EC-Council curriculum. CEH certification certifies you as Ethical Hacker and Penetration Tester. CEH training is held on Version 7.
ethical hacking workshops

DocX said...

Well, good share, will try to look at this one.