It looks like we can do a clickjacking attack on this iframe. Here is how it works:
- You set the iframe fully transparent/invisible via CSS.
- You capture the mouse event.
- When the user moves the mouse, you move the Twitter button iframe so that it always stays under the cursor.
- If the user clicks somewhere on your page, he will automatically follow your account.
- You gain more followers, girls love you.
The hack is running on this page; I’ve just set the opacity to 40% to make you realize you are getting owned. Just click somewhere and you will automatically follow me.
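A transparent overlay like this only works on content the browser agrees to render inside a third-party frame. As an added example (not part of the original post), this Python check reads a response's headers and reports whether the page can be framed, which is what you would audit on any page that performs an action on click; the function names and sample headers are constructed for illustration.

```python
RANK = ["framable", "allowlist", "same-origin", "blocked"]  # least to most strict

def _frame_ancestors(policy):
    """Source list of the first frame-ancestors directive in one policy, else None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def _classify(sources):
    real = [s for s in sources if s != "'none'"]
    if not real:                      # 'none' or an empty list matches no ancestor
        return "blocked"
    if any(s == "*" or s.endswith(":") for s in real):  # wildcard or scheme-only
        return "framable"
    return "same-origin" if real == ["'self'"] else "allowlist"

def framing_policy(headers):
    """headers: (name, value) pairs from one HTTP response."""
    csp, xfo = [], []
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":   # the -Report-Only variant is not enforced
            csp += value.split(",")              # a comma separates distinct policies
        elif name == "x-frame-options":
            xfo += [v.strip().lower() for v in value.split(",") if v.strip()]
    verdicts = [_classify(s) for s in map(_frame_ancestors, csp) if s is not None]
    if verdicts:                      # enforced frame-ancestors: X-Frame-Options is ignored
        return max(verdicts, key=RANK.index)    # every policy must allow, strictest wins
    values = list(dict.fromkeys(xfo))            # de-duplicate, keep order
    if len(values) > 1:               # conflicting values: blocked if any is a known one
        return "blocked" if {"deny", "sameorigin", "allowall"} & set(values) else "framable"
    if values == ["deny"]:
        return "blocked"
    if values == ["sameorigin"]:
        return "same-origin"
    return "framable"                 # missing, ALLOWALL, or obsolete ALLOW-FROM

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "no headers": [],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "xfo allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp wildcard beats xfo": [("X-Frame-Options", "SAMEORIGIN"),
        ("Content-Security-Policy", "default-src 'self'; frame-ancestors *")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:24} -> {framing_policy(hdrs)}")
```

The "csp wildcard beats xfo" sample is the case that is easy to miss: once an enforced policy contains `frame-ancestors`, browsers stop consulting `X-Frame-Options`, so a permissive directive silently cancels a strict header.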