Posts

Showing posts with the label Penetration testing articles

Exploiting Browsers using PasteJacking and XSSJacking Vulnerability

Image
Hi Readers, in the field of penetration testing, we all know attacks such as Clickjacking, Cross Site Scripting etc. These are attacks from most  OWASP Top 10 test cases. Today we will look into some advanced attack vectors which have been lately around sometime but not all are aware of. Pastejacking. The art of changing what you copy from web pages. What is pastejacking? • Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge. • This feature can allow malicious websites to take over your computers’ clipboard. • When you copy something and paste it to your clipboard, the website can run one or more commands using your browser. • The method can be used to change the Clipboard contents. • If you paste something directly to the Terminals!? Result: Lethal Commands Executed To avoid paste jacking: • Windows users need to check what is placed into your compu