BLOG / JAN 28, 2014 / CYBERINFOADMIN

Clickjacking, discovered in 2008 by Robert Hansen and Jeremiah Grossman, is a malicious technique that tricks a web user into clicking on something different from what they perceive they are clicking on, potentially revealing confidential information or giving an attacker control of their computer.

Methods of Clickjacking

  • BASIC CLICKJACKING:
      • Positioning via CSS (JS not required!)
      • Follow mouse cursor via JS
  • ADVANCED TECHNIQUES:
      • Clickjacking + XSS
      • Clickjacking + CSRF
      • Clickjacking + HTML5 Drag/Drop API
      • Clickjacking + Webcam Exploit

<iframe scrolling="no" style="width:1000px; height:1000px;" src="http://www.bing.com/search?q=google"></iframe>

jQuery is a multi-browser JavaScript library designed to simplify the client-side scripting of HTML.

jQuery is free, open-source software, licensed under the MIT License.

Impact: An attacker can access the victim's web camera, and God knows what can happen next!

Credits: CyberInfoSec Research Team

Protection: NoScript plugins
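NoScript protects the visitor's own browser; a site owner can also tell browsers not to render a page inside another site's iframe by sending the `X-Frame-Options` or `Content-Security-Policy: frame-ancestors` response header. The following is an added example, not part of the original post, that classifies a response's framing policy from its headers; the function names and sample responses are assumptions made for illustration.

```javascript
// Added example. Header names are real; the sample responses are constructed.

// Return the source list of the frame-ancestors directive in a CSP value, or null.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Classify a response as 'blocked', 'same-origin', 'allowlist' or 'frameable'.
function framingPolicy(headers) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors takes precedence over X-Frame-Options when both exist.
  // Content-Security-Policy-Report-Only is never enforced, so it is not read.
  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    const list = sources.map((s) => s.toLowerCase());
    const only = (v) => list.length === 1 && list[0] === v;
    if (list.length === 0 || only("'none'")) return 'blocked';
    if (only("'self'")) return 'same-origin';
    // A bare wildcard or scheme source lets any site on that scheme frame the page.
    if (list.some((s) => ['*', 'http:', 'https:'].includes(s))) return 'frameable';
    return 'allowlist';
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'frameable'; // header missing, invalid, or the obsolete ALLOW-FROM
}

// Constructed sample responses (not captured from any real site).
const samples = {
  'no headers': {},
  'xfo deny': { 'X-Frame-Options': 'DENY' },
  'report-only csp': { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
  'csp overrides xfo': {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "default-src 'self'; frame-ancestors https://partner.example",
  },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label.padEnd(18), framingPolicy(headers));
}
```

A result of `frameable` means a page on any other origin can embed the response in an iframe, which is the precondition for the overlay techniques listed above.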