BLOG DETAILS

Discovered in 2008 by Robert Hansen and Jeremiah Grossman – Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer.

• Methods of Clickjacking
• BASIC CLICKJACKING:
• Positioning via CSS (JS not required!)
• Follow mouse cursor via JS
• ADVANCED TECHNIQUES:
• Clickjacking + XSS
• Clickjacking + CSRF
• Clickjacking + HTML5 Drag/Drop API
• Clickjacking + Webcam Exploit

<iframe scrolling=”no” style=”width:1000px; height:1000px;” src=”http://www.bing.com/search?q=google”></iframe>

jQuery is a multi-browser JavaScript library designed to simplify the client-side scripting of HTML.

jQuery is free, open-source software, licensed under the MIT License

Impact : Attacker Can Access Victims’ Web Camera, and God knows what can happen next!

Credits : CyberInfoSec Research Team

Protection : NoScript Plugins