Page hijacking
Page hijacking involves compromising legitimate web pages in order to redirect users to a malicious web site or an exploit kit via cross site scripting.
Example
A hacker may use an exploit framework such as sqlmap to search for SQL vulnerabilities in the database and insert an exploit kit such as MPack in order to compromise legitimate users who visit the now compromised web server. One of the simplest forms of page hijacking involves altering a webpage to contain a malicious inline frame which can allow an exploit kit to load.
Page hijacking is frequently used in tandem with a watering hole attack on corporate entities in order to compromise targets.
gollark: ```haskellshare [mkPersist sqlSettings, mkMigrate "migrateAll"] [persistLowerCase|User json username Text password Text Username username deriving Show Generic EqPaste json poster UserId name Text content Text type PasteType PasteNamePoster name poster deriving Show Generic Eq|]```This is nice though.
gollark: Main file is 176 lines (API.hs).
gollark: https://osmarks.tk/git/osmarks/pastecanPastebin clone, quite long.
gollark: Though Persistent *is* very terse.
gollark: I doubt you'd also get actual DB access.
See also
- Homepage hijacking
- Link farm
- Mousetrapping
- TrustRank
- Clickjacking
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.