Jump to content

Page hijacking

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Felicia777 (talk | contribs) at 23:07, 12 October 2018 (Example). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Page hijacking involves compromising legitimate web pages in order to redirect users to a malicious web site or an Exploit kit via XSS.

Example

A hacker may use an exploit framework such as sqlmap to search for SQL vulnerabilities in the database and insert an Exploit kit such as MPack in order to compromise legitimate users who visit the now compromised web server. One of the simplest forms of page hijacking involves altering a webpage to contain a malicious IFrame which can allow an Exploit kit to load.

Page hijacking is frequently used in tandem with a Watering Hole attack on corporate entities in order to compromise targets.

See also

References