Vulnerable to clickjacking

Disclosed: 2016-05-13 09:24:41 By trabajoduro To gratipay
Vulnerability Details
Reproduction steps:
1. Open the URL: https://grtp.co/
2. Put the URL in the iframe in the code below:

    <html>
    <head>
    <title>Clickjacking GRTP</title>
    </head>
    <body>
    <p>Website is vulnerable to clickjacking!</p>
    <iframe src="https://grtp.co/" width="500" height="500"></iframe>
    </body>
    </html>

3. Observe that the site is displayed in the iframe.

Impact: Using the clickjacking technique, an attacker hijacks clicks meant for one page and routes them to another page, most likely for another application, domain, or both.

Standard: SANS CWE-693

Remediation: Frame busting is the better framing protection technique. Send the proper X-Frame-Options HTTP response headers, which instruct the browser not to allow framing from other domains.
Report Stats
  • Report ID: 123782
  • State: Closed
  • Substate: informative
  • Upvotes: 2
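The reporter's test is a browser observation: if the page renders inside the iframe, nothing in the response forbade it. The script below is an added example, not part of the report and not Gratipay's code. It reproduces the decision a browser makes from the response headers alone, so it can be run against saved headers offline, and it also covers the Content-Security-Policy frame-ancestors directive, which the report does not mention: when present it overrides X-Frame-Options, and a policy that only sets default-src gives no framing protection at all. Every header set is a constructed sample; grtp.co is the origin named in the report, while attacker.example and trusted.example are made-up hosts.

```python
"""Added example: decide from HTTP response headers whether a page can be
framed by a given origin, following the precedence browsers apply
(CSP frame-ancestors wins over X-Frame-Options). The header sets are
constructed samples, not responses captured from grtp.co."""
from urllib.parse import urlsplit


def _origin(url):
    """Normalise an origin URL to (scheme, host, port)."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port or (443 if scheme == "https" else 80)
    return scheme, (u.hostname or "").lower(), port


def _header(headers, name):
    """Case-insensitive header lookup; None when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _frame_ancestors(csp):
    """Return the frame-ancestors source list, or None if the directive is
    absent. default-src is NOT a fallback for frame-ancestors."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def _source_matches(source, framer, page):
    """Match one CSP source expression against the framing origin."""
    s = source.lower()
    f_scheme, f_host, f_port = _origin(framer)
    if s == "'none'":
        return False
    if s == "'self'":
        return _origin(framer) == _origin(page)
    if s == "*":
        return True
    if s.endswith(":") and "/" not in s:        # scheme-source, e.g. https:
        return f_scheme == s[:-1]
    scheme, _, rest = s.rpartition("://")        # host-source
    rest = rest.split("/", 1)[0]                 # drop any path component
    host, _, port = rest.partition(":")
    # An unschemed host-source matches the page's scheme or its https upgrade.
    allowed_schemes = {scheme} if scheme else {_origin(page)[0], "https"}
    if f_scheme not in allowed_schemes:
        return False
    if host.startswith("*."):
        if not f_host.endswith(host[1:]):        # *.a.b matches x.a.b, not a.b
            return False
    elif host != f_host:
        return False
    # No explicit port in the source: accept the origin's port (lenient).
    if port and port != "*" and int(port) != f_port:
        return False
    return True


def frameable_by(headers, page_origin, framer_origin):
    """True if a browser would render page_origin inside a frame on framer_origin."""
    csp = _header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            # frame-ancestors present: it decides, X-Frame-Options is ignored.
            return any(_source_matches(s, framer_origin, page_origin) for s in sources)
    xfo = _header(headers, "X-Frame-Options")
    if xfo is None:
        return True                              # the condition the report observed
    value = xfo.strip().upper()
    if value == "DENY":
        return False
    if value == "SAMEORIGIN":
        return _origin(framer_origin) == _origin(page_origin)
    # ALLOW-FROM is unsupported by current browsers and anything else is
    # invalid; the header is then ignored, so the page stays frameable.
    return True


# Constructed sample responses (names are ours; nothing here was captured).
SAMPLES = {
    "no_headers": {},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "xfo_sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp_none": {"Content-Security-Policy": "frame-ancestors 'none'"},
    "csp_default_src_only": {"Content-Security-Policy": "default-src 'self'"},
    "csp_allowlist": {"Content-Security-Policy":
                      "frame-ancestors 'self' https://*.trusted.example"},
    "csp_overrides_xfo": {"X-Frame-Options": "SAMEORIGIN",
                          "Content-Security-Policy": "frame-ancestors 'none'"},
}


def audit(samples, page_origin="https://grtp.co", attacker_origin="https://attacker.example"):
    """Map each sample name to whether attacker_origin could frame page_origin."""
    return {name: frameable_by(h, page_origin, attacker_origin) for name, h in samples.items()}


if __name__ == "__main__":
    for name, exposed in audit(SAMPLES).items():
        print(f"{name:22} {'FRAMEABLE' if exposed else 'protected'}")
```

Two results are the ones worth remembering when triaging a report like this: a response whose only CSP is default-src is still frameable, and a SAMEORIGIN X-Frame-Options header is silently overridden by a frame-ancestors directive in the same response, so the CSP must be read first. The wildcard source https://*.trusted.example admits app.trusted.example but not trusted.example itself, which is the CSP matching rule and a common surprise when writing an allowlist.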