Lab: Multistep clickjacking

This lab has some account functionality that is protected by a CSRF token and also has a confirmation dialog to protect against clickjacking. To solve this lab, construct an attack that fools the user into clicking the delete account button and the confirmation dialog. You will need to use two elements for this lab.

You have an account on the application that you can use to help design your attack. The credentials are: carlos / montoya.

Note

The victim will be using Chrome, so test your exploit on that browser.