Get the Whitepaper called Clickjacking for Shells. Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security pros considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. In this presentation, the author demonstrates step by step how to identify vulnerable applications, how to write exploits that attack web apps and also how to protect against clickjacking.
You can download it from the following link: https://packetstormsecurity.com/files/download/105260/clickjacking-for-shells.pdf
Source: https://packetstormsecurity.com/files/105260/Clickjacking-For-Shells.html