Giorgio Maone, Giorgio Maone
(1 posting since 29 Jan 2009)
That's not Clickjacking at all! 29 January 2009 14:14
That "security expert" either cannot understand Clickjacking, or he's
purposely using the buzzword to get some cheap publicity.
His "PoC" is just a laughably over-elaborated version of a simple:
<a href="http://yahoo.com"
onclick="location='http://xssed.com';return false">Yahoo</a>
That's not Clickjacking by any stretch of imagination, and hardly
malicious: you just get on a "surprise" destination, but nothing more
since it can't do any of the cross-site evils (e.g. bypassing CSRF
protection) of the real thing.
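
A defender-side check for the pattern the post describes, as an added example that is not part of the original posting: it flags links whose onclick handler navigates to a different origin than the href shown to the user. The function name, the regexes and the sample markup are assumptions made for illustration; the first sample link is the one quoted in the post.

```javascript
// Added example: audit markup for links whose onclick sends the user to
// another origin than the href displayed in the status bar.
// Limitations (assumed scope): inline handlers with string-literal URLs only,
// no HTML entity decoding, no script-attached event listeners.
const TAG_RE = /<a\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
const ATTR_RE = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
// Matches location='u', location.href='u', location.assign('u'), location.replace('u')
const NAV_RE = /(?:^|[^\w.])(?:(?:window|document|top|self)\.)?location(?:\.href)?\s*(?:=(?!=)|\.(?:assign|replace)\s*\()\s*(['"])(.*?)\1/;

function parseAttrs(tagBody) {
  const out = {};
  for (const m of tagBody.matchAll(ATTR_RE)) {
    out[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return out;
}

// Hypothetical helper: returns one finding per link with an origin mismatch.
function findHrefOnclickMismatches(html, baseUrl) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    const a = parseAttrs(tag[1]);
    if (!a.href || !a.onclick) continue;
    const nav = NAV_RE.exec(a.onclick);
    if (!nav) continue; // handler does not navigate with a literal URL
    let shown, actual;
    try {
      shown = new URL(a.href, baseUrl);
      actual = new URL(nav[2], baseUrl);
    } catch {
      continue; // unparsable URL, nothing to compare
    }
    if (shown.origin !== actual.origin) {
      findings.push({ shown: shown.origin, actual: actual.origin });
    }
  }
  return findings;
}

// Constructed sample page; the first link is the snippet from the post.
const SAMPLE_PAGE = `
<a href="http://yahoo.com"
onclick="location='http://xssed.com';return false">Yahoo</a>
<a href="/help" onclick="track('help')">Help</a>
<a href="https://example.test/a" onclick="location.href='/b';return false">Same site</a>`;

console.log(findHrefOnclickMismatches(SAMPLE_PAGE, "https://example.test/"));
```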