Double, Triple, QUADRUPLE Clickjacking?

Discussion in 'BlackHat Lounge' started by TomOh, Oct 8, 2011.

  1. TomOh

    TomOh Registered Member

    Joined: Apr 29, 2011 | Messages: 59 | Likes Received: 13

    Clickjackers, I am looking for an answer...

    So, say a user gets clickjacked, what if the site receiving the jacked click also has a clickjacking script installed on it? Would that register as a double clickjack?

    Could the double script lead to an endless chain of jacks?

    Main Jacking Site > Jacked click site with clickjacking script also installed > next jacked click site with script installed > repeat > repeat > repeat....

    Is this possible or does it simply not work this way...?

    If it does, the possibilities could be... well, kind of scary.

    Thoughts are appreciated,
     
  2. extremephp

    extremephp BANNED

    Joined: Oct 19, 2010 | Messages: 1,293 | Likes Received: 1,276

    The user would press these buttons simultaneously to kill your idea: Alt + F4.

    Double clickjacking would be great, build the chain and people know how to deal with it.
     
  3. TomOh

    TomOh Registered Member

    Joined: Apr 29, 2011 | Messages: 59 | Likes Received: 13

    2 responses to that:

    1) I doubt the common uneducated computer user would realize right away to press Alt + F4. That's just not a common command people know off the top of their heads if they aren't into computers...

    2) If the chain was only 2-4 sites long, the Alt + F4 wouldn't matter because their visit has already been accounted for by the time they would get to it.

    My question still being, is it POSSIBLE to do such a chain?