Wednesday, 16 March 2011

Exploiting XSS with clickjacking

Here's a nice video demonstraction of how clickjacking can be used to exploit what would otherwise be an unexploitable cross-site scripting vulnerability:

For further details on the mechanics of this attack, check out Krzysztof Kotowicz's blog post, where he notes the only winning move is not to play.

1 comment:

  1. Grateful to check out your website, I seem to be ahead to more excellent sites and I wish that you wrote more informative post for us. Well done work.