RE: IE - cross site click detection?

[ViPeR <viper31337 () yahoo co in>]

hi,

yes, i had actually, mailed a "corrected" version of
my mail to bugtraq, stating that "clicks" are detected
only when you clicked on the blank areas of the page..
seems it was never delieverd.

your example seems to work fine.

rgds,
Gregory R. Panakkal
http://www.crapware.tk

--- James C Slora Jr <Jim.Slora () phra com> wrote:
> For me, it only detects the click in certain
> portions of the iframe,
> depending on the construction of the page. This
> could be refined into some
> nasty stuff though.
>
> On pages built using Flash navigation, your
> construction does very
> interesting things
>
> An example that works OK:
>
> <a href="https://www.paypal.com/";><iframe
src="http://www.hypegallery.com/flash.php?retrieve=true";
> frameborder="0"
> scrolling="no" marginwidth="0" marginheight="0"
> style="border: 0px;
> width: 100%; height: 100%;">
>
> Mixed-content pages are especially interesting,
> since standard hyperlinks
> show their normal destination in the status bar,
> unhyperlinked images show
> nothing in the status bar.
>
> Start nesting frames and using image maps, etc, and
> you could have a totally
> unintelligible page that could do all sorts of nasty
> stuff while appearing
> totally legit.


________________________________________________________________________
Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony