dcsimg

Login | Register

TIP: Solution for Hacking Through the Clipboard

Posted by Abdul shakoor Saqib on August 1st, 2006

WEBINAR:
On-Demand

Application Security Testing: An Integral Part of DevOps


Introduction

You copy various data by using Ctrl+C or Ctrl+Insert for pasting elsewhere at a later time. This copied data is stored in the Clipboard and is accessible from the Net by a combination of JavaScripts and ASP. I want share this information because it potentially is very harmful. This information was gathered from the sourcrcodeworld forum.

Hacking Case

Just try this:

  1. Copy any text by pressing Ctrl+C.
  2. Click this link: http://www.sourcecodesworld.com/special/clipboard.asp.
  3. You will see the text you copied on the screen. It was accessed by this Web page.
    4. Do not keep sensitive data (like passwords, credit card
numbers, PIN etc.) in the clipboard while surfing the web.
It is extremely easy to extract the text stored in the
clipboard to steal your sensitive information.

This works for both IE and Netscape.

Solution

To avoid the Clipboard hack problem, do the following:

  1. Go to Internet Options, Security.
  2. Press custom level.
  3. In the security settings, select disable under Allow paste operations via script.

Now, the contents of your clipboard are safe and you can continue to enjoy Web browsing.

Actual Script

The following few lines are the actual agent used to steal the Clipboard data from your machine:

<Script Language="JavaScript">
var content = clipboardData.getData("Text");
alert(content);
</Script>


About the Author

Abdul shakoor Saqib

About Abdul Shakoor Saqib

Software Engineer

Mr. Abdul Shakoor Saqib has Master of Computer Science and has 3 years of application software development experience. He has specialized himself in developing software for process control system and integrated development environment. Currently he is working as Software Engineer & System Analyst at ISF, Islamabad, Pakistan.Core programming interest and experties are c,c++,vc++ development and MS Office Plugin and skills are MFC,ATL,COM programming. and enjoying to play with interface level with great hardware interaction programming.

Comments

  • Adding to Clipboard

    Posted by gaffy4u on 11/23/2007 01:20am

    We can use clipbrd.exe for seeing the clipboard contents. clipbrd.exe is available in Win 2000 and Win XP. Vista dont have this feature. Mohammed Gaffar Ahmed

    Reply

  • Nope

    Posted by FoodBard on 01/23/2007 10:20pm

    Sorry, it ain't happening here. must be your PC only

    Reply

  • IE problem only?

    Posted by Comintern on 08/04/2006 10:22pm

    I tried the link with the script on it several times, and could not get it to read my clipboard. Then, I scrolled down the page and saw the billboard saying "The best way to solve this problem is to use Firefox. Download Firefox from the link below:". Apparently this is only a security issue for IE users.

    Reply

  • You must have javascript enabled in order to post comments.

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • The CIO's Guide to UEM: 10 Critical Decision Points

    Mobility is reaching an inflection point in enterprise. Smart enterprises are moving away from tactical point solutions for mobile device management, looking instead for a secure, comprehensive, unified, and future-proof mobile-app platform. Enterprise applications are now at the heart of mobile productivity, data is shared outside the enterprise walls, and the data itself may reside on multiple devices and clouds. Read this guide to learn how a unified endpoint management (UEM) solution is critical to …

  • The Salesforce Admin's Guide to Document Generation

    A CRM solution holds a wealth of information and document generation tools allow users to take that information and create documents with both visual appeal and function. Document generation is the process of automatically producing a file and document generation applications save companies time, mistakes, and money. You bought Salesforce to be more efficient — why are you still manually creating proposals, contracts, invoices, and account plans? Read this eBook to learn how you can automate virtually …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date
×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.