
Just some food for thought with clickjacking

Discussion in 'Making Money' started by dannyhw, Jan 16, 2009.

  1. dannyhw (Senior Member; joined Jul 16, 2008; Software Engineer, New York City Burbs)

    I'm not going to try this, but I figure it would work. There's that script out there where you can position a hidden iframe under the mouse at all times. Host a digg or reddit button in that iframe and have it always positioned over the up button. You'd probably hit #1 pretty quick, but people would raise hell.
     
  2. oceanman (BANNED; joined Dec 30, 2008)

    Why risk it and waste time doing this shit? Go do other things.
     
  3. dannyhw (Senior Member)

    I started off in this business because I was a hacker 10 years ago. I can't let this stuff go by without at least figuring out the feasibility. This was just for fun.

    Think what you will, but this is a major issue. If this trick were to catch on, it would cripple the sites. In fact, if someone wanted to use this purely maliciously, they could generate accounts and sites easily to make it so the users couldn't block the spam fast enough. It's a pretty big deal.

    About a year ago I found an XSS hole in craigslist. It's no business model, but if I wanted to, I could have raised hell with it. Can you imagine? Posting JavaScript across all the craigslist categories in every city? Drive-by installing a bot to auto-post? CL would be completely unusable within a few hours.
     
  4. come2go (Newbie; joined Jan 12, 2009)

    Where could I find that script?
     
  5. dannyhw (Senior Member)

    It's somewhere in the Harro clickjacking thread, but I'm going to put together an actual proof of concept for Reddit tonight.