
WordPress Clickjacking Exploit
--------------------------------------------------------------
This exploit is part of "Clickjacking for Shells", an OWASP presentation
presented on September 20th, 2011 in Wellington, New Zealand by Andrew Horton
aka urbanadventurer from Security-Assessment.com


FILES
-------------------

clickjack.php				- The final clickjacking exploit
index-1.html				- Tutorial 1 of how to exploit clickjacking
index-2.html				- Tutorial 2 of how to exploit clickjacking
index-2-inner.html			- Part of Tutorial 2
README					- This file
wordpress-add-admin-payload.js		- Cross Site Scripting (XSS) Payload
wordpress-upload-shell-payload.js	- Cross Site Scripting (XSS) Payload


More information
-----------------
Homepage: http://www.security-assessment.com
Advisory: http://security-assessment.com/advisory/all/all/archive.htm
Exploit:  http://www.morningstarsecurity.com/research/clickjacking-wordpress
OWASP Clickjacking: https://www.owasp.org/index.php/Clickjacking



        (  .     )
        `)          (
     .     '  . '  `.
     (    , )     (,
  .   `.' ) ('.    ',
   ). , ('.   ( ) (
  (_,) .`), ) _ _,
 /  _____/  / _  \    ____  ____   _____
 \____  \==/ /_\  \ _/ ___\/  _ \ /     \
 /       \/   |    \\  \__(  <_> )  Y Y  \
/______  /\___|__  / \___  >____/|__|_|  /
        \/         \/.-.    \/         \/
                    (x.0)
                  '=.|w|.='
                  _='`"``=.
