Lab: Clickjacking with form input data prefilled from a URL parameter

preview_player
Показать описание
This lab extends the basic clickjacking example in Lab: Basic clickjacking with CSRF token protection. The goal of the lab is to change the email address of the user by prepopulating a form using a URL parameter and enticing the user to inadvertently click on an "Update email" button.

To solve the lab, craft some HTML that frames the account page and fools the user into updating their email address by clicking on a "Click me" decoy. The lab is solved when the email address is changed.

You can log in to your own account using the following credentials: wiener:peter
  1. oldlamb
Рекомендации по теме
Lab Clickjacking with 0:05:36

Lab Clickjacking with form input data prefilled from a URL parameter

Clickjacking with form 0:02:19

Clickjacking with form input data prefilled from a URL parameter - APPRENTICE

Clickjacking with form 0:02:58

Clickjacking with form input data prefilled from a URL parameter (Video solution)

PortSwigger Clickjacking Lab-2 0:05:10

PortSwigger Clickjacking Lab-2 | Clickjacking with form input data prefilled from a URL parameter

Web Security Academy 0:07:43

Web Security Academy | Clickjacking | 2 - Clickjacking with Form Input Data Prefilled

Clickjacking with form 0:04:16

Clickjacking with form input data prefilled from a URL parameter

Clickjacking with form 0:05:17

Clickjacking with form input data prefilled from a URL parameter

Clickjacking with form 0:03:56

Clickjacking with form input data prefilled from a URL parameter (Video Solution) | 2020

Lab: Clickjacking with 0:26:16

Lab: Clickjacking with form input data prefilled from a URL parameter

Clickjacking - Lab 0:08:31

Clickjacking - Lab 2 : Clickjacking with form input data prefilled from a URL parameter

LAB 2.2: Exploiting 0:02:45

LAB 2.2: Exploiting Clickjacking with Prefilled Form Inputs via URL Parameter | PortSwigger Tutorial

Lab Clickjacking with 0:04:30

Lab Clickjacking with a frame buster script

Basic clickjacking with 0:02:38

Basic clickjacking with CSRF token protection - APPRENTICE

Clickjacking - Hacking 0:08:01

Clickjacking - Hacking Web Application UIs

Clickjacking with a 0:03:48

Clickjacking with a frame buster script

Portswigger Clickjacking Labs 0:12:50

Portswigger Clickjacking Labs Solution

Lab: Clickjacking with 0:12:37

Lab: Clickjacking with a frame buster script

What is Clickjacking? 0:08:06

What is Clickjacking?

Lab: Basic clickjacking 0:07:38

Lab: Basic clickjacking with CSRF token protection

Clickjacking with a 0:05:43

Clickjacking with a frame buster script (Video Solution) | 2020

Clickjacking - Lab 0:15:35

Clickjacking - Lab 3 : Clickjacking with a frame buster script

Clickjacking - Lab 0:05:58

Clickjacking - Lab 5 : Multistep clickjacking

Lab Exploiting clickjacking 0:04:42

Lab Exploiting clickjacking vulnerability to trigger DOM based XSS

PortSwigger ALL Clickjacking 0:17:05

PortSwigger ALL Clickjacking Lab Solution

Комментарии
Автор

<style>
#target_website {
position: relative;
width: 300px;
height: 600px;
opacity: 0.5;
z-index: 2;
border: none;
}
#decoy_website {
position: absolute;
top: 480px;
left: 125px;
z-index: 1;
}
</style>
<div id="decoy_website">Click me</div>

vxqwnduspmjtw