Yet Another ClickJacking Attempt!

Hi folks,
yet another quick 'n dirty post on ClickJacking attempts, kept as a personal note. If you are interested in ClickJacking techniques, I strongly suggest this reading (Frightened by Links, Franco Callegati and Marco Ramilli).

The following image shows another great ClickJacking attempt, found at http://japan20111.tk.



As you can see, a little iframe is loaded in the top-left corner ;). It includes a main.php (unfortunately it has since been removed) which is (was) able to load uncontrolled content. The front end shows what looks like a YouTube page (http://japan20111.tk/widget.php).



An external JavaScript file is loaded as well.
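A defender-side triage for the two traits described above (a very small iframe and a script pulled from another host), as an added example that is not part of the original post. The thresholds, the sample markup and the example.test / example.net hosts are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_PX = 10         # assumed triage threshold, not a value from the post
MAX_OPACITY = 0.1   # assumed triage threshold, not a value from the post
def _px(value):  # leading integer of an HTML/CSS length such as "1px", else None
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

def _style(raw):  # inline style attribute -> {property: value}, lower-cased
    pairs = (p.split(":", 1) for p in (raw or "").split(";") if ":" in p)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class FrameAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.host, self.findings = urlparse(page_url).hostname, []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "iframe":
            css, why = _style(a.get("style")), []
            dims = [_px(css.get(d) or a.get(d)) for d in ("width", "height")]
            if any(d is not None and d <= MAX_PX for d in dims):
                why.append("tiny")
            opacity = css.get("opacity", "")
            if re.fullmatch(r"\d*\.?\d+", opacity) and float(opacity) <= MAX_OPACITY:
                why.append("transparent")
            if why:
                self.findings.append(("iframe", a.get("src", ""), why))
        elif tag == "script" and a.get("src"):
            host = urlparse(a["src"]).hostname
            if host and host != self.host:  # relative URLs have no host
                self.findings.append(("script", a["src"], ["external"]))

def audit(html, page_url):
    parser = FrameAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page, not the markup of the site in the post.
SAMPLE = """<body>
<iframe src="main.php" width="1" height="1" style="position:absolute;top:0;left:0"></iframe>
<iframe src="https://video.example.test/embed/1" width="640" height="360"></iframe>
<script src="/static/site.js"></script><script src="http://cdn.example.net/w.js"></script>
</body>"""
if __name__ == "__main__":
    print(audit(SAMPLE, "http://landing.example.test/widget.php"))
```

Only inline attributes and inline styles are inspected, so frames sized or hidden through a stylesheet or injected by script need a rendered-DOM check instead.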


Easy, but effective, like every ClickJacking attempt is... For a more complete ClickJacking analysis: here and here