Next Generation Clickjacking

14 Apr 2010

Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby cross-domain attacks are performed by 'hijacking' user-initiated mouse clicks to perform actions 

In this paper, Paul Stone explores other ways a user can be tricked into interacting with a framed web page, that could allow an attacker to inject arbitrary text into forms and extract content from a web page. Paul shows a new technique that allows information leaded from an iframe to be used for login detection and many other purposes. 


CHECK IT Health Check Service
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider
ASSURE Cyber Supplier - CAA