312-50V11 · Question #192
Scenario: 1. Victim opens the attacker's web site. 2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'. 3. Victim clicks to the
The correct answer is D. Clickjacking Attack. Clickjacking tricks users into clicking hidden elements by overlaying a transparent iframe on top of visible, attractive content.
Question
Options
- ASession Fixation
- BHTML Injection
- CHTTP Parameter Pollution
- DClickjacking Attack
How the community answered
(49 responses)- A4% (2)
- B2% (1)
- D94% (46)
Why each option
Clickjacking tricks users into clicking hidden elements by overlaying a transparent iframe on top of visible, attractive content.
Session Fixation forces a victim to authenticate using a pre-set session token controlled by the attacker - it does not involve iframe overlays or click interception.
HTML Injection inserts unsanitized HTML markup into a web page to alter its content or structure, not to overlay invisible iframes and intercept user clicks.
HTTP Parameter Pollution manipulates duplicate HTTP parameters to bypass input filters or cause inconsistent server behavior, and is unrelated to visual overlay techniques.
Clickjacking, also called a UI redress attack, works by rendering a transparent iframe over a page element the victim intends to click, so the actual click is registered by the hidden iframe content instead. The attacker lures the victim with engaging bait content and harvests the click to perform unintended actions such as authorizing transactions or changing account settings. The transparent iframe is the defining technical mechanism of this attack.
Concept tested: Clickjacking UI redress attack using transparent iframes
Source: https://owasp.org/www-community/attacks/Clickjacking
Topics
Community Discussion
No community discussion yet for this question.