Clickjacking for Shells
Loading...
Uploaded by urbanadventur0r on Sep 20, 2011
Andrew Horton (urbanadventurer) presented Clickjacking for Shells at the OWASP Wellington, New Zealand Chapter Meeting on September 20th, 2011.
Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security pros considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. I will demonstrate step by step how to identify vulnerable applications, how to write exploits that attack web apps and also how to protect against clickjacking. To demonstrate this issue I will publish an 0day clickjacking exploit for WordPress v3.1.2 and earlier to gain a shell on the webserver. In May this year the tech media reported and speculated upon clickjacking protection being implemented in WordPress and now I will show you why it is so important.
- 12 likes, 1 dislikes
-
- 2:52
How To Clickjack A Facebook Like Using A Wordpress Blogby duncanwierman2,369 views
- 2:51
Facebook Clickjacking Attacksby SymcSecurityResponse18,714 views
- 2:37
ClickJacking Demonstrationby 3hacking769 views
- 2:24
ClickJackingby shlominar23,168 views
- 2:17
OWASP Clickjackingby pontocom731,410 views
- 10:01
Blackhat Europe 2010: Next Generation Clickjacking 1/7by ChRiStIaAn0081,293 views
- 0:57
Clickjacking demoby thecommandrine1,160 views
- 7:15
Wordpress under SQL Injection Attack!by 7Safe4,858 views
- 5:33
WordPress Admin pass hack via shell sql managerby LiquidSecurityNet13,592 views
- 2:01
See two clickjack examples and how GuardedID protects me from the clickjackingby lookedatlife3,081 views
- 5:03
Hacks_ Clickjacking.m4vby janaankhan992,320 views
- 1:04
ClickJacking Habboby 202gab720 views
- 10:00
WordPress exploit XSSby TheBlacklinux2,239 views
- 1:10
Facebook Clickjacking - "I can't believe a GIRL did this because of Justin Bieber"by nimmaster165,807 views
- 10:47
Exploits - Part 1.movby DHAtEnclaveForensics18,296 views
- 10:21
How Passwds get hacked --1 of the trick {Exploit/0Day} from my 1000 tricks finally revealedby 0StupidProduction300 views
- 0:11
SharePro ClickJacking Script v6 $500by ruam20041,077 views
- 6:45
SMART | HACK ~ Facebook Spam Attack on Users using Clickjacking.by Hackveda320 views
- 4:12
INSECT Pro - Exploiting Microsoft Excelby InsecurityResearch908 views
- 1:30
Microsoft Office DEP bypassby TheTTSecurity190 views
sound?
frankenchrisv 1 month ago
Thank you to all who share this kind of information freely.
ABitOfTheUniverse 2 months ago