Vulnerability Name: DMARC RECORD MISSING
Vulnerable URL:https://www.sparta.eu/
HOW TO REPRODUCE(POC-ATTACHED):-
1.GO TO- https://mxtoolbox.com/
2.ENTER THE WEBSITE(sparta.eu).
CLICK GO.
3.YOU WILL SEE THE FAULT(No DMARC Record found).
4.In the new page that loads change MXLookup to DMARCLookup.
Extra information
Impact:
Spammers can forge the "From" address on email messages to make messages
appear to come from someone in your domain.
If spammers use your domain to send spam or junk email, your domain quality
is negatively affected.
People who get the forged emails can mark them as spam or junk, which can
impact authentic messages sent from your domain.
Attachment:
Vulnerability Name:No valid SPF record.
DESCRIPTION:
An SPF record is a type of Domain Name Service (DNS) record that identifies
which mail servers are permitted to send email on behalf of your domain.
The purpose of an SPF record is to prevent spammers from sending messages
with forged From addresses at your domain.
Vulnerable Domain :sparta.eu
Steps To Reproduce:
1) Checking Missing SPF:
There Are Various Ways of Checking Missing SPF Records on a website But the
Most Common and Popular way is kitterman.com
Steps to Check SPF Records on a website:-
Go to http://www.kitterman.com/spf/validate.html
Enter Target Website Ex:sparta.eu
(Do Not Add https/http or www)Hit Check SPF (IF ANY)
If You seem any SPF Record than Domain is Not Vulnerable But if you see
no SPF
record here,it is vulnerable
2) Attack Scenario & Poc:
Once There is No SPF Records.An Attacker Can Spoof Email Via any Fake
Mailer Like Emkei.cz.An <http://emkei.cz.an/> Attacker Can Send Email From
name "Security" and Email: "security(a)target.com" With Social Engineering
Attack He Can TakeOver User Account Let Victim Knows the Phishing Attack
but When He See The Email from the Authorized Domain.He Got tricked Easily.
Exploit:
For testing i am forgering support(a)sparta.eu
How to reproduce this
1.Go to https://emkei.cz/
2. Fill all the details
like
Name - support sparta
email - support(a)sparta.eu
to - my email address
etc
send email
3. It will directly send a mail from support(a)sparta.eu
to my email
Impact :
Attacker can use official mail for phishing attack. which can be used for
phishing attack. At it is from official mail, user will definitely trust it
and will be tricked in phishing trap.
Attachment:
*Vulnerability Name : Click jacking*
Target URL:https://www.sparta.eu/
Vulnerability Description :
Click jacking (User Interface redress attack, UI redress attack, UI
redressing) is a malicious technique of tricking a Web user into clicking
on something different from what the user perceives they are clicking on,
thus potentially revealing confidential information or taking control of
their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this
website could be at risk of a click jacking attack. The X-Frame-Options
HTTP response header can be used to indicate whether or not a browser
should be allowed to render a page in a <frame> or <iframe>. Sites can use
this to avoid click jacking attacks, by ensuring that their content is not
embedded into other sites.
Typically there is one type of attack - cross site request forgeries (CSRF)
that can interact with functions on other websites.
1) This vulnerability affects Web Server.
<html>
<head>
<title>Clickjack test page</title>
</head>
<style>
#myBtn{
z-index: 999;
position: absolute;
top: 100px;
right: 50px;
color: white;
background-color: red;
}
</style>
<body>
<!-- <h1> A Sample Test Page </h1>
<p>Website is vulnerable to click jacking! </p>
<p>Avoid random clicks </p> -->
<div style="z-index:-9999; position:absolute;top:0; left:0;width: 70%;
height:70%">
<iframe src="https://www.sparta.eu/
"frame1" width="100%"
height="100%" >
</iframe></div>
<div align="right" style="position:absolute; top:1; left:0; z-index:1;
width: 70%;height:60%; text-align:left;">
<a href="https://www.sparta.eu/
"target="_blank"><button id="myBtn"> click here</button></a>
<!-- <a href="https://www.sparta.eu/
"><button id="myBtn">Open Modal</button></a> -->
<div id="myModal" class="modal">
<!-- Modal content -->
</div>
</body>
</html>
2.save it as <any name>.html eg s.html
3.and just simply open that..and click on button(direct login) its redirect
https://www.sparta.eu/
As far as i know this data is enough to prove that your site is
vulnerable to Click jacking.
Impact:
Attacker may tricked user, sending them malicious link then user open it
clicked some image and their account unconsciously has been deactivated .
Attachment:
Hello Team,
I am Siddharth Zala working as a security researcher and I found a bug in
your site report of bug is as follows :
a) Vulnerability name: Clickjacking On Sensitive Page
b) Vulnerability Description :
Clickjacking (User Interface redress attack, UI redress attack, UI
redressing) is a malicious technique of tricking a Web user
into clicking on something different from what the user perceives they
are clicking on, thus potentially revealing confidential information or
taking control of their computer while clicking on seemingly innocuous web
pages.
The server didn't return an X-Frame-Options header which means that this
website could be at risk of a clickjacking attack. The
X-Frame-Options HTTP response header can be used to indicate whether or not
a browser should be allowed to render a page in a <frame> or <iframe>.
Sites can use this to avoid clickjacking attacks, by ensuring that their
content is not embedded into other sites.
This vulnerability affects the Web Server.
c) Steps to reproduce :
1. Copy the URL of the website and paste it in clickjacking code
2. This is sample code
Create a new HTML file
put <iframe src="https://sparta.eu/" id="frame1" width="100%"
height="100%" >
3. Open the Html file with another browser and click on click here and see
it is redirected to bing.com.
d) POC :
I have attached Screenshot as well as code of clickjacking :
<html>
<head>
<title>Clickjack test page</title>
</head>
<style>
#myBtn{
z-index: 999;
position: absolute;
top: 100px;
right: 50px;
color: white;
background-color: red;
}
</style>
<body>
<!-- <h1> A Sample Test Page </h1>
<p>Websites are vulnerable to clickjacking! </p>
<p>Avoid random clicks </p> -->
<div style="z-index:-9999; position:absolute;top:0; left:0;width: 70%;
height:70%">
<iframe src=" https://sparta.eu/" id="frame1" width="100%"
height="100%" >
</iframe></div>
<div align="right" style="position:absolute; top:1; left:0; z-index:1;
width: 70%;height:60%; text-align:left;">
<a href="
https://www.bing.com/?toWww=1&redig=D1C96AD6DC434FA59D3D2AC05339EA9B"
target="_blank"><button id="myBtn"> click here</button></a>
<div id="myModal" class="modal">
<!-- Modal content -->
</div>
</body>
</html>
e) Solution :
There are two main ways to prevent clickjacking:
Sending the proper X-Frame-Options HTTP response headers that instruct the
browser to not allow framing from other domains
Employing defensive code in the UI to ensure that the current frame is the
most top-level window
Most modern Web browsers support the X-Frame-Options HTTP header. Ensure
it's set on all web pages returned by your site (if you expect the page to
be framed only by pages on your server (e.g. it's part of a FRAMESET) then
you'll want to use SAMEORIGIN, otherwise if you never expect the page to be
framed, you should use DENY. ALLOW-FROM allows specific websites to frame
the web page in supported web browsers).
f) Impact:
By using the Clickjacking technique, an attacker hijacks click's meant for
one page and routes them to another page, most likely for another
application, domain, or both.
Warm Regards
Siddharth Zala
Security Researcher
*Pankaj here I found Vulnerability on your domain*
https://sparta.eu/
*Vulnerability name:CSP: Wildcard Directive*
*Description:*
Content Security Policy is an effective measure to protect your site from
XSS attacks.
By whitelisting sources of approved content, you can prevent the browser
from loading malicious assets.
The following directives either allow wildcard sources (or ancestors), are
not defined, or are overly broadly defined:
*script-src, script-src-elem, script-src-attr, style-src, style-src-elem,
style-src-attr, img-src, connect-src, frame-src, font-src, media-src,
object-src, manifest-src, worker-src, prefetch-src, form-action*
The directive(s): form-action are among the directives that do not fallback
to default-src, missing/excluding them is the same as allowing anything.
*Steps to reproduce:*
1)Go to : https://securityheaders.com/
2) Enter host name https://sparta.eu/
*3)You will see CSP MISSING*
*Solution:*
Ensure that your web server, application server, load balancer, etc. is
properly configured to set the Content-Security-Policy header
[image: image.png]
