猥琐的notclickjacking
Post by amxku on 2008-09-26, 15:53. 技术相关
很猥琐的submitjacking,在群里看到的。应该不是owasp里提到的clickjacking,但也挺有意思,OWASP会议上的Clickjacking可以看看刺写的OWASP会议上的Clickjacking。
XML/HTML代码
- <form name="my_form_tres" action=""
- onSubmit=window.open("http://www.example.com")>
- <input type="submit" id="my_submit_button_tres"
- style="position:absolute;left:0px;visibility:hidden;"/>
- <a href="http://www.breakingpointsystems.com"
- onMouseUp=document.getElementById('my_submit_button_tres').click()>Fake
- link (onmouseup and click)</a>
- </form>
可参见http://www.planb-security.net/notclickjacking/
Tags: submitjacking, 技术, 脚本
Address: http://www.amxku.net/notclickjacking-weishuo/
上一篇 »» 搬家
下一篇 »» PHP in the Register Glob...
相关文章
网友评论
有点意思啊。哈哈
Post by kiki(58.34.*.*) on 2008-09-26, 21:34
Quote #1交换链接,贵站链接已加上
本站地址:http://lovelaozang.cn
老臧's blog - 网络安全技术博客|致力于linux.PHP.Server.Mysql.Security
<a onmousemoveover=window.open("http://www.baidu.com")
href="http://www.163.com/">我是去163的</a>
Post by nuke(58.34.1*.*) on 2008-09-28, 01:35
Quote #3更短跟强大
Post by nuke(58.34.1*.*) on 2008-09-28, 01:35
Quote #4发表评论
