A new Web attacks is now in the wild. It’s named clickjacking – as discussed at the OWASP NYC AppSec 2008 Conference. Clickjacking is actually clipboard hijacking by adobe flash player on various browsers.

We all see various types of advertisements on many website. One thing that you need to notice from now on is that silly advertisements are capable of monitoring your clipboard. (Clipboard is where the user saves the data temporary on using the “copy” function). The bug exists in all browsers and in all operating systems so you are not safe.

In a nutshell, it’s when you visit a malicious website and
the attacker is able to take control of the links that your
browser visits. The problem affects all of the different
browsers except something like lynx. The issue has nothing
to do with JavaScript so turning JavaScript off in your
browser will not help you. It’s a fundamental flaw with
the way your browser works and cannot be fixed with a simple
patch. With this exploit, once you’re on the malicious web page,
the bad guy can make you click on any link, any button,
or anything on the page without you even seeing it happening.

Now hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program. Victims report that the vulnerable advertisements are shown in many legitimate websites including Newsweek, Digg and MSNBC.com.

Link to proof of concept page : http://raffon.net/research/flash/cb/test.html

Explore More

Dangerous IP’s – Do not scan

All the below are FBI controlled Linux servers & IPs/IP-Ranges 207.60.0.0 – 207.60.255.0 The Internet Access Company207.60.2.128 – 207.60.2.255 Abacus Technology207.60.3.0 – 207.60.3.127 Mass Electric Construction Co.207.60.3.128 – 207.60.3.255 Peabody

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do

Critical SQL Injection in Enjoy (http://www.enjoy.net.mm)

PlanetCreator reported another critical SQL injection (vulnerability) on several sites of Enjoy (http://www.enjoy.net.mm) SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer