web analytics

New Attack “XSSJacking” Combines Clickjacking, Pastejacking, and Self-XSS

24th March 2017 By Catalin Cimpanu

 

Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques  — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users.

 

Ayrey says XSSJacking can help attackers reach sensitive information for which they would normally need a more complex security flaw, such as a stored XSS (Cross-Site Scripting) or CSRF (Cross-Site Request Forgery), issues which most websites tend to fix when reported.

 

The attack is not fully-automated, as it still relies on social engineering, a reason why many of today’s security bug bounty programs won’t even consider it as a security flaw, Ayrey told Bleeping Computer in an email.

 

Full Article

 

Take a look at the best antivirus, anti-malware, anti-spy, etc. software

Powered by WPeMatico