What is the real damage caused by ClickJacking iFrame Vulnerability?

Hi,

I have recently come across clickjacking and how it is reliant upon a vulnerability in the iFrame relating to same user-origin and the Content Security Policy (CSP) not being setup.

What I don't understand is how clickjacking is dangerous and its true usage. Sure you may be able to put a vulnerable login page and have invisible buttons – but then how does it all work in terms of an attacker getting what they want?

My understanding is that an iFrame or inline frame is essentially a window and HTML tag that allows one to embed third party content on their website. So for example, Google Maps or even a Twitter Feed.

But then what I don't quite get is how it can be used to cause damage and in what cases

If someone could clarify this, that would be great!

Thanks

Touch here for the full post on Network Security Noblemen tumblr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s