InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

[INVALID] Issues with ClearClick in Version 1.9.9.63

https://forums.informaction.com/viewtopic.php?t=4240

Page 1 of 1

[INVALID] Issues with ClearClick in Version 1.9.9.63

Posted: Wed Apr 21, 2010 8:09 am
by ClearClick missing something?
I justed checked a demo on ClickJacking: http://ha.ckers.org/weird/followmouse.html
And sadly the default ClickJacking prevention mechanism in IE catches it and NoScript doesn't alert me or prevents it?

I have ClearClick enabled on trusted and untrusted sites.

Re: Issues with ClearClick in Version 1.9.9.63

Posted: Wed Apr 21, 2010 8:42 am
by Giorgio Maone
Nope, ClearClick is working just fine.
That demo is implemented wrongly, since it doesn't account for a real world scenario (i.e. the parent "attacker" document being on a different domain than the embedded "victim" iframe).
Please check http://raffon.net/research/cj/cj.html or another cross-site "real world" PoC, instead.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited