| Subject: | RE: IE - cross site click detection? |
|---|---|
| Date: | Wed, 27 Apr 2005 10:23:20 +0100 (BST) |
hi,

yes, i had actually mailed a "corrected" version of my mail to bugtraq, stating that "clicks" are detected only when you clicked on the blank areas of the page.. seems it was never delivered.

your example seems to work fine.

rgds,
Gregory R. Panakkal
http://www.crapware.tk

--- James C Slora Jr <Jim.Slora@phra.com> wrote:
> For me, it only detects the click in certain portions of the iframe,
> depending on the construction of the page. This could be refined into some
> nasty stuff though.
>
> On pages built using Flash navigation, your construction does very
> interesting things.
>
> An example that works OK:
>
> <a href="https://www.paypal.com/"><iframe
> src="http://www.hypegallery.com/flash.php?retrieve=true"
> frameborder="0" scrolling="no" marginwidth="0" marginheight="0"
> style="border: 0px; width: 100%; height: 100%;"></iframe></a>
>
> Mixed-content pages are especially interesting, since standard hyperlinks
> show their normal destination in the status bar, unhyperlinked images show
> nothing in the status bar. Start nesting frames and using image maps, etc,
> and you could have a totally unintelligible page that could do all sorts of
> nasty stuff while appearing totally legit.
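A defensive check for the construction quoted in the mail above, as an added example that is not part of the original thread: it flags every iframe nested inside a hyperlink and records whether the link target and the frame source sit on different hosts. The function names, the sample markup and its placeholder hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FramedLinkFinder(HTMLParser):
    """Record every <iframe> that opens while an <a href> is still open."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.open_links = []   # href (or None) of each <a> not yet closed
        self.findings = []

    def _host(self, url):
        # Resolve relative URLs against the page before comparing hosts.
        return (urlsplit(urljoin(self.page_url, url or "")).hostname or "").lower()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.open_links.append(attrs.get("href"))
        elif tag == "iframe":
            href = next((h for h in reversed(self.open_links) if h), None)
            if href is not None:
                src = attrs.get("src") or ""
                cross = self._host(href) != self._host(src)
                self.findings.append({"link": href, "frame": src, "cross_host": cross})

    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.open_links.pop()

def find_framed_links(html, page_url):
    finder = FramedLinkFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; the hosts are placeholders, not taken from the mail.
SAMPLE = """
<p><a href="/help">help</a></p>
<iframe src="https://ads.example/banner"></iframe>
<a href="https://pay.example/"><iframe src="http://media.example/flash"
   frameborder="0" style="border: 0px; width: 100%; height: 100%;"></iframe></a>
<a href="/gallery"><iframe src="/gallery/preview"></iframe></a>
"""

if __name__ == "__main__":
    for finding in find_framed_links(SAMPLE, "http://site.example/index.html"):
        print(finding)
```

A `cross_host` finding is the case worth reviewing first, since the frame's content and the link's destination are controlled by different sites.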