CAPEC-181
Melding voor een CAPEC
Blijf op de hoogte van wijzigingen voor een specifieke CAPEC.
Beschrijvingen CAPEC
An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.
Informatie CAPEC
Vereisten
The victim must be tricked into navigating to the attackers' decoy site and performing the actions on the decoy page.The victim's browser must support invisible Flash overlays.
Vereiste middelen
The attacker must be able to force the Flash overlay over the decoy content.Gerelateerde zwakheden
| Zwakheidsnaam | |
|---|---|
CWE-1021 |
Improper Restriction of Rendered UI Layers or Frames The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. |
Indiening
| Naam | Organisatie | Datum | Releasedatum |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Wijzigingen
| Naam | Organisatie | Datum | Opmerking |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns |
