About Clickjacking (UI Redressing)
Clickjacking (UI redressing) vulnerabilities occur when attackers trick users into clicking hidden or disguised elements by overlaying malicious content on top of legitimate content. The resulting clicks can lead to unauthorized actions and data theft.
Common Clickjacking Attack Types
Basic Clickjacking: Simple overlay attacks
iframe Clickjacking: Using iframes to overlay content
CSS Clickjacking: Using CSS to hide and overlay elements
Advanced Clickjacking: Complex techniques and bypasses
Social Engineering: Combining clickjacking with social engineering
Common Vulnerable Elements
Buttons: Submit buttons, action buttons
Links: Navigation links, action links
Forms: Login forms, payment forms
Interactive Elements: Checkboxes, radio buttons, sliders
Overlay Elements: Modals, popups, overlays
Real-World Impact
Unauthorized actions and data theft
Financial fraud and payment manipulation
Account takeover and privilege escalation
Settings manipulation and configuration changes
Compliance violations and security breaches
Cross-site attacks and data exfiltration
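The iframe overlay listed under Common Clickjacking Attack Types only works if the target page lets other origins frame it. The following added example (not part of the original page) classifies a response's framing protection from its Content-Security-Policy frame-ancestors directive and X-Frame-Options header. The function names, verdict labels and sample responses are assumptions made for illustration.

```javascript
// Returns the frame-ancestors sources from a CSP header value, or null if not set.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    // Assumption of this example: a directive with no sources counts as absent.
    if (name.toLowerCase() === "frame-ancestors" && sources.length > 0) return sources;
  }
  return null;
}

// Classifies a header map as "protected", "weak" or "frameable".
function auditFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // frame-ancestors takes precedence over X-Frame-Options when both are sent.
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    // A bare "*" or a scheme-only source such as "https:" matches any origin.
    const open = sources.filter((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/i.test(s));
    return open.length > 0
      ? { verdict: "weak", reason: `frame-ancestors allows any origin via ${open.join(" ")}` }
      : { verdict: "protected", reason: `frame-ancestors ${sources.join(" ")}` };
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    return { verdict: "protected", reason: `X-Frame-Options ${xfo}` };
  }
  if (xfo.startsWith("ALLOW-FROM")) {
    return { verdict: "weak", reason: "ALLOW-FROM is obsolete and ignored by current browsers" };
  }
  if (xfo !== "") return { verdict: "weak", reason: `unrecognised X-Frame-Options value: ${xfo}` };
  return { verdict: "frameable", reason: "no frame-ancestors directive and no X-Frame-Options header" };
}

// Constructed sample responses (not taken from any real site).
const samples = {
  "payment form": { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  "settings page": { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
  "login form": { "Content-Type": "text/html" },
};
for (const [page, headers] of Object.entries(samples)) {
  const { verdict, reason } = auditFraming(headers);
  console.log(`${page}: ${verdict} (${reason})`);
}
```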