Wednesday, 16 March 2011

Exploiting XSS with clickjacking

Here's a nice video demonstration of how clickjacking can be used to exploit what would otherwise be an unexploitable cross-site scripting vulnerability:

For further details on the mechanics of this attack, check out Krzysztof Kotowicz's blog post, where he notes the only winning move is not to play.