Aditya K Sood , SecNiche Security

No Native Check against Click Jacking. Check the Overwritten Event.

http://zeroknock.blogspot.com/2009/02/more-towards-clickjacking-simulating.html

Clickjacking is a malicious software form that can seemingly take control of the links that an Internet browser displays for various Web pages. Once that takes place, and once a user tries to click on that link, the user is taken to a site that is unintended. In some cases, the user may be able to recognize this immediately; in other cases, the user may be totally unaware of what took place.Once an infected ad has been loaded into your browser, your clipboard (where you copy and paste text) becomes overwritten with a URL.

A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another functionThe exploit may also take over your browser and visit links without you knowing.

A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attackers show a set of dummy buttons, then load another page over it in a transparent layer. The user thinks he is clicking the visible buttons, while he/she is actually performing actions on the hidden page.

The hidden page may be an authentic page, and therefore the attackers can trick users into performing actions which the users never intended to do and there is no way of tracing such actions later, as the user was genuinely authenticated on the other page.

Standard Definitions (Wikipedia , Quoted by Third Parties)

ClickJacking Paper

Clickjack The Target (http://www.yahoo.com) : (http://www.xssed.com)

Official Build 2200

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)

AppleWebKit/525.13 (KHTML, like Gecko)

Chrome/1.0.154.43 Safari/525.13