We came across an interesting observation/article here:
https://medium.com/@arbazhussain/weaponizing-clickjacking-attack-with-click-content-jacking-ab50cb6a37ed
It is possible to hijack content through clickjacking by loading two frames that come from the same domain. If the domain is the same, the drag-and-drop API can function between the two frames. Hence, it is possible to force the victim to perform a “drag-and-drop” followed by a click. This can lead to “Click Content Jacking”, the concept outlined in the article.
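The attack depends on the target site being loadable in frames on another page, so the defensive check is whether its responses forbid that. The following is an added example, not code from this post or the linked article: it classifies a response's framing policy from its `X-Frame-Options` and CSP `frame-ancestors` headers. The function names and all header values used with it are assumptions constructed for illustration.

```javascript
// Added example: classify whether a response may be framed by a third-party page.
// Verdicts: 'blocked' (no other origin may frame it), 'allowlist', 'open'.
const RANK = { open: 0, allowlist: 1, blocked: 2 };

// Classify one CSP policy by its frame-ancestors directive; null if it has none.
function classifyPolicy(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // An empty list or 'none' forbids all framing; 'self' alone forbids other origins.
    if (sources.every(s => s === "'none'" || s === "'self'")) return 'blocked';
    // A bare wildcard or a scheme-only source (e.g. https:) admits arbitrary origins.
    if (sources.some(s => /^(\*|[a-z][a-z0-9+.-]*:(\/\/\*)?)$/.test(s))) return 'open';
    return 'allowlist'; // only the named hosts may frame the page
  }
  return null;
}

function framingVerdict(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Several CSP headers arrive comma-joined; every policy is enforced,
  // so the strictest frame-ancestors verdict decides.
  const verdicts = (h['content-security-policy'] || '')
    .split(',').map(classifyPolicy).filter(v => v !== null);
  if (verdicts.length) {
    // When frame-ancestors is present, CSP-aware browsers apply it
    // and ignore X-Frame-Options.
    return verdicts.reduce((a, b) => (RANK[b] > RANK[a] ? b : a));
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  // ALLOW-FROM is obsolete and ignored by current browsers: no protection.
  return xfo === 'DENY' || xfo === 'SAMEORIGIN' ? 'blocked' : 'open';
}
```

A `Content-Security-Policy-Report-Only` header or a `<meta>` CSP does not enforce `frame-ancestors`, so only the enforcing response header is considered here.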