Blazy – Modern Login Bruteforcer Which Also Tests For CSRF, Clickjacking, Cloudflare and WAF

Blazy is a modern login page bruteforcer. Features: easy target selections; smart form and error detection; CSRF and Clickjacking scanner; Cloudflare and WAF detector; 90% accurate results; checks for login bypass via SQL injection; multi-threading; 100% accurate results; better form detection and compatibility. Requirements: Beautiful Soup, Mechanize. Usage: Open your terminal and enter git clone […]

New Attack Called “XSSJacking” Discovered That Combines Clickjacking, Pastejacking and Self-XSS Attacks

A new attack method called “XSSJacking”, a type of web application attack based on Clickjacking, Pastejacking and Self-XSS, was discovered by the security researcher Dylan Ayrey. When a Clickjacking vulnerability exists in a particular page, this attack will trigger Self-XSS. “Self-XSS is a social engineering attack used to gain control of victims’ web accounts. In a self-XSS attack, the […]

Web Applications Attacks: Clickjacking

A Clickjacking attack, also known as “UI redress”, is when an attacker uses various transparent or opaque layers to fool a victim into clicking on a button or link on another page when they were expecting to click on the top-level page. Thus, the attacker is “hijacking” clicks meant for their page and […]

New Attack “XSSJacking” Combines Clickjacking, Pastejacking, and Self-XSS

Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users. Ayrey says XSSJacking can help attackers reach sensitive information for which they would normally need a more complex security flaw, such as a stored XSS […]

CJExploiter – Drag and Drop ClickJacking Exploit Tool

CJExploiter is a drag-and-drop ClickJacking exploit development assistance tool. First, open “index.html” locally in your browser, enter the target URL and click “View Site”. You can dynamically create your own inputs. Finally, by clicking “Exploit It” you can see the PoC. Summary: Clickjacking, also known as a “UI redress attack”, is […]

Android ransomware variant uses clickjacking to become device administrator

Android.Lockdroid.E poses as a porn app and tricks users into giving it admin rights. Almost 67 percent of Android devices are at risk. Symantec has found an Android ransomware variant (Android.Lockdroid.E) that uses new tactics, involving a fake package installation, to trick users into giving the malware device administrator rights. As well as encrypting files […]