Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 8

Decompile Flash, Java applet and Silverlight

Attack requirement:
For a successful attack:
1. The victim should be logged in to the sensitive website.
2. The victim should access a page on the attacker's site.

Attack process:
1. The attacker creates a transparent iframe on his page and loads in it the page the user is logged in to, which carries the sensitive action.
2. The attacker hides the iframe using JavaScript and CSS.
3. The victim cannot see the overlaying page and tries to interact with the visible page.
4. The attacker has designed the buttons and clicks to be clicked in a sequence that helps the attacker execute the malicious action on the hidden page.

2017-05-10 Web Application Security Fast Guide (book slides) By Dr. Sami Khiami Slide 8
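The attack process on this slide depends on the sensitive page agreeing to render inside another origin's iframe. The following is an added example, not taken from the book: it classifies a response's X-Frame-Options and CSP frame-ancestors headers to show which pages remain framable. The function name framingPolicy and all sample headers and hosts are constructed for illustration.

```javascript
// Added example: classify which parents may frame a response, from its headers.
const RANK = ['any-origin', 'allowlist', 'same-origin', 'deny']; // weakest -> strictest

function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // 1. CSP frame-ancestors. Report-Only policies are not enforced, so they are not read.
  const verdicts = [];
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (name !== 'frame-ancestors') continue;
      if (sources.length === 0 || sources.every(s => s === "'none'")) verdicts.push('deny');
      else if (sources.every(s => s === "'self'")) verdicts.push('same-origin');
      else if (sources.some(s => s === '*' || /^https?:$/.test(s))) verdicts.push('any-origin');
      else verdicts.push('allowlist');
      break; // a repeated directive inside one policy is ignored
    }
  }
  if (verdicts.length > 0) {
    // Every policy must allow the parent, so the strictest verdict decides.
    const strictest = verdicts.sort((a, b) => RANK.indexOf(b) - RANK.indexOf(a))[0];
    return { decidedBy: 'csp', policy: strictest };
  }

  // 2. X-Frame-Options, consulted only when no frame-ancestors directive exists.
  const xfo = new Set((h['x-frame-options'] || '').split(',').map(s => s.trim().toUpperCase()));
  if (xfo.size === 1 && xfo.has('DENY')) return { decidedBy: 'xfo', policy: 'deny' };
  if (xfo.size === 1 && xfo.has('SAMEORIGIN')) return { decidedBy: 'xfo', policy: 'same-origin' };
  // Missing, conflicting, or ALLOW-FROM (not honoured by current browsers).
  return { decidedBy: 'none', policy: 'any-origin' };
}

// Constructed sample responses for a page that performs a sensitive action.
const SAMPLES = {
  bare: { 'Content-Type': 'text/html' },
  legacy: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  xfoOnly: { 'x-frame-options': 'SameOrigin' },
  cspWins: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': "default-src 'self'; frame-ancestors https://portal.example" },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(10), JSON.stringify(framingPolicy(headers)));
}
```

A result of any-origin means the response carries no enforced framing restriction, which is the precondition the slide's transparent-iframe step relies on.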