1. Introduction
Vendor : Monstra
Affected Product : Monstra CMS 3.0.4
Vendor Website : http://monstra.org/
Vulnerability Type : Click-Jacking Vulnerability
Remote Exploitable : Yes
2. Overview
Technical Description: Monstra Content Management System is prone to a clickjacking vulnerability. Clickjacking is a technique for tricking a web user into clicking on something different from what the user perceives they are clicking on, typically by loading the target page in an invisible frame on an attacker-controlled site. The application does not return an X-Frame-Options header, so browsers will render its pages inside a frame or iframe served by any origin, which puts the site at risk of clickjacking. The X-Frame-Options HTTP response header tells a browser whether it may render a page inside a frame or iframe (DENY forbids all framing; SAMEORIGIN allows framing only by pages from the same origin).
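The following is an added example for auditing the condition the advisory describes; it is not part of the original advisory and is not Monstra code. It classifies the framing protection a response carries from its headers, consulting both X-Frame-Options and the Content-Security-Policy frame-ancestors directive (browsers give CSP precedence when both are present), and shows the header set a defender would add to fix a response that lacks any protection. The header dictionaries in the demo are constructed, not captured from a real server.

```python
"""Framing-protection checker (added example, not from the advisory).

Evaluates the headers a browser consults before rendering a page inside a
frame: X-Frame-Options and the CSP frame-ancestors directive.
"""
from typing import Dict, Optional


def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _frame_ancestors(csp: str) -> Optional[str]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return " ".join(parts[1:])
    return None


def framing_policy(headers: Dict[str, str]) -> str:
    """Classify the framing protection carried by a set of response headers.

    Returns one of:
      'csp'      - CSP frame-ancestors restricts who may frame the page
      'xfo'      - X-Frame-Options DENY or SAMEORIGIN restricts framing
      'xfo-weak' - X-Frame-Options is present but its value is obsolete or
                   invalid (e.g. ALLOW-FROM), which modern browsers ignore
      'none'     - no restriction: any origin may embed the page (the
                   condition described in the advisory)
    """
    csp = _get(headers, "Content-Security-Policy")
    if csp is not None:
        ancestors = _frame_ancestors(csp)
        if ancestors is not None:
            # A wildcard source list grants every origin permission to frame.
            if "*" in ancestors.split():
                return "none"
            return "csp"
    xfo = _get(headers, "X-Frame-Options")
    if xfo is None:
        return "none"
    if xfo.strip().upper() in ("DENY", "SAMEORIGIN"):
        return "xfo"
    return "xfo-weak"


def hardened_headers(allow_same_origin: bool = True) -> Dict[str, str]:
    """Headers a defender would add so a page cannot be framed cross-origin.

    Both headers are emitted: CSP for current browsers, X-Frame-Options as a
    fallback for older ones. With allow_same_origin=False framing is denied
    entirely.
    """
    if allow_same_origin:
        return {
            "X-Frame-Options": "SAMEORIGIN",
            "Content-Security-Policy": "frame-ancestors 'self'",
        }
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }


def unprotected(responses: Dict[str, Dict[str, str]]) -> list:
    """Return the URLs whose headers impose no framing restriction."""
    return [url for url, hdrs in responses.items()
            if framing_policy(hdrs) == "none"]


if __name__ == "__main__":
    # Constructed sample: one response with no framing header, as in the
    # advisory, and one carrying the hardened header set.
    sample = {
        "http://cms.example.test/admin": {"Content-Type": "text/html"},
        "http://cms.example.test/fixed": {"Content-Type": "text/html",
                                          **hardened_headers()},
    }
    for url in unprotected(sample):
        print("no framing restriction:", url)
```

Run the module directly to see which constructed URL is flagged; in practice the header dictionaries would come from the responses of the application under review. The check reports a weak X-Frame-Options value separately from a missing one because ALLOW-FROM and misspelled values are a common way to believe a page is protected when current browsers treat it as unrestricted.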
3. PoC
Vulnerable to click-jacking!
4. Credit
Suparna Kachroo (@Sud0__su)