UI redressing
UI redressing, or the clickjacking attack, makes use of overlapping elements, transparent frames, and some social engineering to fool users of a web application into clicking or performing certain actions on different pages of the web application without realizing it. The attack is very easy to conduct; the attacker creates an iframe of one of the pages from the vulnerable web application. Just above the iframe there are some HTML elements (a button, a hyperlink, and so on), which are often disguised as a simple game or anything catchy that the user might click on. These elements are placed in such a way that as soon as the user clicks on one of them, the click, instead of registering at the HTML element, goes to the iframed web page of the vulnerable web application. Now you may wonder how this is possible, so let me explain; the iframe is made transparent so only the convincing game is visible to the user and the iframe is placed over HTML elements through CSS, but since the...
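The attack described above only works if the target page agrees to render inside another site's iframe. The following is an added example, not code from the original text: it inspects a response's `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` headers (two browser-enforced framing controls the excerpt does not name) and reports whether an arbitrary origin could frame the page. The function names and the sample headers are constructed for illustration.

```javascript
// Return the source list of the frame-ancestors directive in a CSP value,
// or null when the directive is absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// headers: plain object of response headers (names in any case).
// Returns { frameableByAnyOrigin: boolean, reason: string }.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // When frame-ancestors is present, browsers enforce it and ignore X-Frame-Options.
  const fa = frameAncestors(h['content-security-policy']);
  if (fa !== null) {
    const tokens = fa.map((s) => s.toLowerCase());
    // An empty source list matches nothing, the same as 'none'.
    if (tokens.length === 0 || tokens.every((s) => s === "'none'"))
      return { frameableByAnyOrigin: false, reason: 'frame-ancestors none' };
    if (tokens.some((s) => s === '*' || s === 'http:' || s === 'https:'))
      return { frameableByAnyOrigin: true, reason: 'frame-ancestors allows any origin' };
    return { frameableByAnyOrigin: false, reason: 'frame-ancestors allowlist: ' + fa.join(' ') };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN')
    return { frameableByAnyOrigin: false, reason: 'X-Frame-Options ' + xfo };
  // ALLOW-FROM and unrecognised values are ignored by current browsers.
  if (xfo) return { frameableByAnyOrigin: true, reason: 'X-Frame-Options not enforced: ' + xfo };
  return { frameableByAnyOrigin: true, reason: 'no framing restriction' };
}

// Constructed sample responses.
const samples = [
  {},
  { 'X-Frame-Options': 'SAMEORIGIN' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors *' },
];
for (const s of samples) console.log(JSON.stringify(s), '->', framingPolicy(s).reason);
```

The last sample shows why both headers have to be read together: a permissive `frame-ancestors` overrides a strict `X-Frame-Options`.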