
Posted in: Blog, Posted On: Jan 28, 2014, Posted By: cyberinfoadmin

Web Camera Exploit using Clickjacking Attack

What is Clickjacking?


Clickjacking, discovered in 2008 by Robert Hansen and Jeremiah Grossman, is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or giving the attacker control of their computer.


Methods of Clickjacking

BASIC CLICKJACKING:

Positioning via CSS (JS not required!)

Follow mouse cursor via JS

ADVANCED TECHNIQUES:

Clickjacking + XSS

Clickjacking + CSRF

Clickjacking + HTML5 Drag/Drop API

Clickjacking + Webcam Exploit


<iframe scrolling="no" style="width:1000px; height:1000px;" src="http://www.bing.com/search?q=google"></iframe>

What is jQuery?


jQuery is a multi-browser JavaScript library designed to simplify the client-side scripting of HTML.

jQuery is free, open-source software, licensed under the MIT License.

Impact: Attacker Can Access Victims’ Web Camera, and God knows what can happen next!

Credits: CyberInfoSec Research Team

Protection: NoScript Plugins
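
On the site owner's side, whether a page can be loaded in an iframe like the one shown above depends on its X-Frame-Options and Content-Security-Policy frame-ancestors response headers. The following is an added example, not part of the original post, that classifies a set of response headers; the function names and sample headers are constructed for illustration, and it assumes a single CSP policy per response.

```javascript
// Added example: can an arbitrary third-party origin frame a page that sends these headers?
// Header names are lower-case, as Node's http module delivers them. Samples are constructed.

// Return the frame-ancestors source list from a CSP header value, or null if absent.
function parseFrameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

function framingPolicy(headers) {
  const sources = parseFrameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // Browsers that support frame-ancestors enforce it instead of X-Frame-Options.
    const onlyNone = sources.length === 1 && sources[0] === "'none'";
    if (sources.length === 0 || onlyNone) {
      return { frameable: false, reason: 'frame-ancestors allows no embedder' };
    }
    if (sources.some((s) => s === '*' || /^https?:$/.test(s))) {
      return { frameable: true, reason: 'frame-ancestors allows any origin' };
    }
    return { frameable: false, reason: 'frame-ancestors limited to ' + sources.join(' ') };
  }
  // X-Frame-Options may be a comma-separated list; DENY or SAMEORIGIN anywhere blocks
  // cross-origin framing. ALLOW-FROM is obsolete and ignored by current browsers.
  const xfo = String(headers['x-frame-options'] || '')
    .split(',').map((v) => v.trim().toLowerCase()).filter(Boolean);
  if (xfo.includes('deny') || xfo.includes('sameorigin')) {
    return { frameable: false, reason: 'X-Frame-Options ' + xfo.join(', ') };
  }
  const why = xfo.length ? 'X-Frame-Options value not enforced: ' + xfo.join(', ')
                         : 'no framing restriction header';
  return { frameable: true, reason: why };
}

// Constructed sample responses.
const SAMPLES = [
  { 'content-type': 'text/html' },
  { 'x-frame-options': 'SAMEORIGIN' },
  { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
];
for (const h of SAMPLES) console.log(JSON.stringify(h), '->', framingPolicy(h));
```

A result of `frameable: true` means the response carries no header that stops a third-party page from embedding it.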