Since it is the victim who actually, but unknowingly, clicks on the element of the legitimate page, the action looks “safe” from the browser’s point of view; that is, the same origin policy is not violated. Clickjacking attacks have been reported to be usable in practice to trick users into initiating money transfers, clicking on banner ads that are part of an advertising click fraud, posting blog or forum messages, or, in general, to perform any action that can be triggered by a mouse click. Beside several proof-of-concept clickjacking examples that have been posted on security-related blogs, it is not clear to what extent clickjacking is used by attackers in practice.
TO view clickjacking visit Clickjacking demostration
So now i am not saying how to clickjacking a web site but I will say how you can protect yourself
1. Do not click on any suspicious link , popups and any link embedded image or video
2. Do not entry any data in an unknown webpage
3, Always see the URL of web sites
4. Use browser addons (noscript ) or disable javascripts while entering data to a webpage.
Now how to protect our web site from Clickjacking
Frame-Busting: This technique checks if the webpage is the topmost window or embedded in a frame. If the webpage is embedded, it will bust out of the frame and makes itself as the topmost frame. This is achieved with the help of DOM property call top. The top property defines the topmost ancestor window.
<script type="text/javascript">
function breakout()
{
if (window.top!=window.self)
{
window.top.location=window.self.location;
}
}
</script>
The above javascript function defines a sample frame-busting function.
Comment please
