Bugtraq mailing list archives
RE: IE - cross site click detection?
From: ViPeR <viper31337 () yahoo co in>
Date: Wed, 27 Apr 2005 10:23:20 +0100 (BST)
hi,

yes, i had actually mailed a "corrected" version of my mail to bugtraq, stating that "clicks" are detected only when you clicked on the blank areas of the page.. seems it was never delivered. your example seems to work fine.

rgds,
Gregory R. Panakkal
http://www.crapware.tk

--- James C Slora Jr <Jim.Slora () phra com> wrote:

For me, it only detects the click in certain portions of the iframe, depending on the construction of the page. This could be refined into some nasty stuff though. On pages built using Flash navigation, your construction does very interesting things.

An example that works OK:

<a href="https://www.paypal.com/"><iframe
src="http://www.hypegallery.com/flash.php?retrieve=true"
frameborder="0" scrolling="no" marginwidth="0" marginheight="0" style="border: 0px; width: 100%; height: 100%;">

Mixed-content pages are especially interesting, since standard hyperlinks show their normal destination in the status bar, unhyperlinked images show nothing in the status bar. Start nesting frames and using image maps, etc, and you could have a totally unintelligible page that could do all sorts of nasty stuff while appearing totally legit.