Bugtraq mailing list archives

RE: IE - cross site click detection?
From: ViPeR <viper31337 () yahoo co in>
Date: Wed, 27 Apr 2005 10:23:20 +0100 (BST)

hi,

yes, i had actually mailed a "corrected" version of
my mail to bugtraq, stating that "clicks" are detected
only when you clicked on the blank areas of the page..
seems it was never delivered.

your example seems to work fine.

rgds,
Gregory R. Panakkal
http://www.crapware.tk

--- James C Slora Jr <Jim.Slora () phra com> wrote:
For me, it only detects the click in certain portions of the iframe,
depending on the construction of the page. This could be refined into some
nasty stuff though.

On pages built using Flash navigation, your construction does very
interesting things.

An example that works OK:

<a href="https://www.paypal.com/"><iframe
src="http://www.hypegallery.com/flash.php?retrieve=true"
frameborder="0" scrolling="no" marginwidth="0" marginheight="0"
style="border: 0px; width: 100%; height: 100%;">

Mixed-content pages are especially interesting, since standard hyperlinks
show their normal destination in the status bar, unhyperlinked images show
nothing in the status bar.

Start nesting frames and using image maps, etc, and you could have a totally
unintelligible page that could do all sorts of nasty stuff while appearing
totally legit.
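
Added example, not part of the original thread: a static check that flags the construction quoted above, an <iframe> nested inside an <a href>, and reports whether the link host and the frame host differ. The sample markup, the example.* hosts and the names host(), AnchorFrameAuditor and audit() are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed samples (hosts are placeholders, not taken from the thread).
CROSS_SITE = ('<a href="https://pay.example.com/"><iframe '
              'src="http://media.example.net/nav.html" frameborder="0" '
              'style="width: 100%; height: 100%;"></iframe></a>')
SAME_SITE = ('<a href="https://shop.example.org/"><iframe '
             'src="https://shop.example.org/banner"></iframe></a>')
NOT_WRAPPED = ('<a href="https://pay.example.com/">pay</a>'
               '<iframe src="http://media.example.net/nav.html"></iframe>')


def host(url):
    """Lower-cased hostname of a URL; empty string for relative URLs."""
    return (urlsplit(url).hostname or "").lower()


class AnchorFrameAuditor(HTMLParser):
    """Record every <iframe> opened while an <a href=...> is still open."""

    def __init__(self):
        super().__init__()
        self.open_href = None   # href of the <a> currently open, if any
        self.findings = []      # (anchor href, iframe src, hosts differ?)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            # Anchors do not nest, so a new <a> replaces the previous one.
            self.open_href = attrs.get("href")
        elif tag == "iframe" and self.open_href:
            src = attrs.get("src") or ""
            differs = host(self.open_href) != host(src)
            self.findings.append((self.open_href, src, differs))

    def handle_endtag(self, tag):
        if tag == "a":
            self.open_href = None


def audit(markup):
    """Return the anchor-wrapped iframes found in an HTML string."""
    parser = AnchorFrameAuditor()
    parser.feed(markup)
    parser.close()
    return parser.findings
```

audit(CROSS_SITE) returns one finding with the host-mismatch flag set; an iframe that follows an already closed anchor is not reported.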

