15 lines
1.1 KiB
Plaintext
15 lines
1.1 KiB
Plaintext
https://en.wikipedia.org/wiki/Clickjacking[Clickjacking] attacks occur when an attacker try to trick an user to click on certain buttons/links of a legit website. This attack can take place with malicious HTML frames well hidden in an attacker website.
|
|
|
|
|
|
For instance, suppose a safe and authentic page of a social network (\https://socialnetworkexample.com/makemyprofilpublic) which allows an user to change the visibility of his profile by clicking on a button. This is a critical feature with high privacy concerns. Users are generally well informed on the social network of the consequences of this action. An attacker can trick users, without their consent, to do this action with the below embedded code added on a malicious website:
|
|
|
|
----
|
|
<html>
|
|
<b>Click on the button below to win 5000$</b>
|
|
<br>
|
|
<iframe src="https://socialnetworkexample.com/makemyprofilpublic" width="200" height="200"></iframe>
|
|
</html>
|
|
----
|
|
|
|
Playing with the size of the iframe it's sometimes possible to display only the critical parts of a page, in this case the button of the _makemyprofilpublic_ page.
|