Note: This exploit is fixed in Rails 4.

Our exploit today is clickjacking, which is also called a “UI redress attack”. With clickjacking, you can take an unexpected action on your victim's behalf by rendering the target site in an invisible frame. As an example, an attacker may trick users into taking undesired actions like making a […]
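The defence against invisible framing, as an added example that is not code from the original post: a Rack middleware that sends an anti-framing header when the app sets none, plus a check that classifies a response's framing policy. `FrameGuard`, `framing_policy` and the demo app are hypothetical names; Rails 4 sends `X-Frame-Options: SAMEORIGIN` by default, so this is aimed at apps that lack it.

```ruby
# Added example, not code from the original post. FrameGuard and
# framing_policy are hypothetical names; plain Rack interface, no gems.

# Classify how response headers restrict framing by other origins.
def framing_policy(headers)
  h = headers.each_with_object({}) { |(k, v), acc| acc[k.to_s.downcase] = v.to_s }

  # Where a CSP frame-ancestors directive is present, browsers that support
  # it enforce it instead of X-Frame-Options.
  directive = h.fetch("content-security-policy", "").split(";").map(&:strip)
               .find { |d| d.split.first&.downcase == "frame-ancestors" }
  if directive
    sources = directive.split.drop(1).map(&:downcase)
    return :blocked     if sources == ["'none'"]
    return :same_origin if sources == ["'self'"]
    return :unprotected if sources.include?("*")
    return :restricted
  end

  case h["x-frame-options"]&.strip&.upcase
  when "DENY"       then :blocked
  when "SAMEORIGIN" then :same_origin
  else :unprotected # header missing or value not recognized
  end
end

# Rack middleware that adds X-Frame-Options only when the app set no policy.
class FrameGuard
  def initialize(app, value = "SAMEORIGIN")
    @app = app
    @value = value
  end

  def call(env)
    status, headers, body = @app.call(env)
    if framing_policy(headers) == :unprotected
      # Drop an unusable value in any casing, then set the header once.
      # A permissive frame-ancestors must be fixed in the CSP itself.
      headers.delete_if { |k, _| k.to_s.casecmp?("x-frame-options") }
      headers["x-frame-options"] = @value
    end
    [status, headers, body]
  end
end

# Constructed stand-in for an app that sends no framing headers.
DEMO_APP = ->(_env) { [200, { "content-type" => "text/html" }, ["<form></form>"]] }
puts FrameGuard.new(DEMO_APP).call({})[1].inspect
```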
