search

Elevate-Lab / elevate-lab-website

A website to inform and invite contributors to elevate-lab
https://elevate-lab.github.io/elevate-lab-website/
MIT License
18 stars 64 forks source link

Clickjacking (UI Readdressing) https://elevate-lab.github.io/elevate-lab-website/ #194

Open Mah3Sec opened 3 years ago

Mah3Sec commented 3 years ago

1.Vulnerability name: Clickjacking

2.Vulnerability Description: Typically there is one type of attack - cross site request forgeries (CSRF) that can interact with functions on other websites. Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or

b.Save it as .html eg s.html c.Open the html page in browser

Below is the link for more information https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)

Solution:

The solution is provided on the link below https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

POC: Screenshot attached. Screenshot from 2020-10-15 18-42-47

Regards Mahendra Purbia

welcome[bot] commented 3 years ago

Hello there!👋 Elevate-Lab heartly😃 welcomes you to the project!💖

Thank you and congrats🎉for opening your very first issue in this project.Hope you have a great time there!😄 You may submit a PR if you like! If you want to report a bug🐞 please follow our Issue Template. Also make sure you include steps to reproduce it and be patient while we get back to you.😄

Mah3Sec commented 3 years ago

Check this issue and let me know. And help me in pull request in Hacktoberfest

Tlazypanda commented 3 years ago

@mahendra9661 go ahead :tada:

Mah3Sec commented 3 years ago

please accept this and add hacktoberfest accepted label

Mah3Sec commented 3 years ago

1.Vulnerability name: Clickjacking

2.Vulnerability Description: Typically there is one type of attack - cross site request forgeries (CSRF) that can interact with functions on other websites. Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or b.Save it as .html eg s.html c.Open the html page in browser Below is the link for more information https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004) Solution: The solution is provided on the link below https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet POC: Screenshot attached. Screenshot from 2020-10-15 18-42-47 Regards Mahendra Purbia

Mah3Sec commented 3 years ago

![Uploading Screenshot from 2020-10-15 18-42-47.png…]()

create-issue-branch[bot] commented 3 years ago

Branch issue-194-Clickjacking_UI_Readdressing_https_elevate-lab_github_io/elevate-lab-website created!

deepakDOTexe commented 3 years ago

@mahendra9661 Did you make any pull request for this issue as I can't see it or anything that I may have missed it reg this convo.?

IC1101Virgo commented 3 years ago

@Mah3Sec any updates?