What is Clickjacking?
Clickjacking, also known as a UI redress attack, is a technique attackers use to take control of a web user's click actions on a page or application. It abuses the trust a user places in a website by hijacking the user's clicks and redirecting them to content the attacker controls. The attacker stacks transparent or opaque layers so that the user, believing they are clicking a visible element, actually clicks a hidden link or button, which can then be used to control the user's computer or gain access to sensitive information. The same technique can make users buy items, reveal confidential information, or transfer money to the attacker's accounts without realising it. Clickjacking can target both website and application users, and can be used to exploit vulnerabilities in web browsers, operating systems, and web applications.
Exploit Code For Clickjacking
Below is sample code for exploiting a clickjacking vulnerability:
<html>
  <head>
    <title>Clickjacking Exploit</title>
  </head>
  <body>
    <!-- The framed page fills the whole viewport -->
    <iframe src="malicious_site.html" width="100%" height="100%" scrolling="no"></iframe>
    <script>
      // Any click on the page sends the user to the attacker's page
      document.onclick = function () {
        window.location = "malicious_site.html";
      };
    </script>
  </body>
</html>
In the above code, the attacker uses an iframe to embed a malicious website in the page. The JavaScript click handler then redirects the user to that website when they click anywhere on the page.
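The countermeasure to this kind of embedding is to stop browsers from framing the protected page at all, via a Content-Security-Policy frame-ancestors directive or the older X-Frame-Options header. The following added example (not code from the article) evaluates a response's headers the way a browser would to decide whether a given origin may frame the page; the header values are constructed, and ports and path sources are deliberately not handled.

```javascript
// Added example, not code from the article: would a browser let framerOrigin embed
// a page from pageOrigin given these headers? Ports and path sources are ignored.

// frame-ancestors source list from a Content-Security-Policy value, or null.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(";")) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === "frame-ancestors") {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Does one source ('self', https:, *.example.com, https://a.example) match the framer?
function sourceMatches(source, pageOrigin, framerOrigin) {
  const framer = new URL(framerOrigin);
  const framerScheme = framer.protocol.slice(0, -1);
  if (source === "'none'") return false;
  if (source === "'self'") return framerOrigin === pageOrigin;
  if (source === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return framerScheme === source.slice(0, -1);
  const [scheme, host] = source.includes("://") ? source.split("://") : [null, source];
  if (scheme !== null && scheme !== framerScheme) return false;
  // *.example.com matches subdomains only, never example.com itself.
  if (host.startsWith("*.")) return framer.hostname.endsWith(host.slice(1));
  return framer.hostname === host;
}

// CSP frame-ancestors overrides X-Frame-Options when both are present; an absent
// or unrecognised X-Frame-Options value leaves the page frameable by anyone.
function canBeFramedBy(headers, pageOrigin, framerOrigin) {
  const get = (name) => headers[Object.keys(headers).find((k) => k.toLowerCase() === name)];
  const ancestors = frameAncestors(get("content-security-policy"));
  if (ancestors !== null) return ancestors.some((s) => sourceMatches(s, pageOrigin, framerOrigin));
  const xfo = (get("x-frame-options") || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return framerOrigin === pageOrigin;
  return true;
}

// Constructed response headers for a page served from PAGE.
const PAGE = "https://bank.example";
const UNPROTECTED = { "Content-Type": "text/html" };
const WITH_CSP = { "Content-Security-Policy": "frame-ancestors 'self' https://*.partner.example" };
const WITH_XFO = { "X-Frame-Options": "SAMEORIGIN" };
```

Running `canBeFramedBy(UNPROTECTED, PAGE, "https://evil.example")` returns true, which is exactly the condition a clickjacking scanner flags; the CSP and X-Frame-Options variants return false for the same framer.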