Found Clickjacking Vulnerability at Login Page
I found Clickjacking Vulnerability at Login Page
Vulnerability Type : Clickjacking
Two login pages are vulnerable to clickjacking:
https://auth.api.sonyentertainmentnetwork.com/login.jsp
https://www.oriss.ap.sony.com/Admin/Login.aspx
Vulnerability Description :
Typically there is one related type of attack, cross-site request forgery (CSRF),
that can interact with functions on other websites.
Clickjacking (User Interface redress attack, UI redress attack, UI redressing)
is a malicious technique of tricking a Web user into clicking on something different
from what the user perceives they are clicking on, thus potentially revealing confidential
information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header, which means that this website could be at
risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate
whether or not a browser should be allowed to render a page in a <frame> or <iframe>.
2. Save it as an .html file, e.g. sony.html
3. Then simply open that file.
As far as I know this data is enough to prove that your site is vulnerable to Clickjacking.
According to OWASP it's more than enough.
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)
Solution -->>
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Check this out; here is the solution for that.
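The following is an added example (not part of the original report and not code from Sony or OWASP) showing the check a defender would run on a server's response headers to decide whether a page can be framed, which is the condition the report describes above and the cheat sheet fixes. The header sets it evaluates are constructed samples, not captured from the sites named in the report. It goes slightly beyond the post by also honouring Content-Security-Policy frame-ancestors, which modern browsers apply in preference to X-Frame-Options when both are present.

```python
"""Decide whether an HTTP response allows the page to be framed (clickjacking exposure).

Added example; the header sets below are constructed, not captured from any real host.
Rules applied (defender's view):
  * CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  * X-Frame-Options DENY blocks all framing; SAMEORIGIN allows only the same origin.
  * ALLOW-FROM and any other X-Frame-Options value is ignored by current browsers,
    so it gives no protection at all.
  * No header at all means any site may frame the page.
"""
from typing import Dict, List, Optional

# Verdict strings returned by assess_framing()
NOT_FRAMABLE = "not framable"
SAME_ORIGIN_ONLY = "same-origin only"
LISTED_ORIGINS = "framable by listed origins"
ANY_ORIGIN = "framable by anyone"

# Constructed sample responses keyed by a short label.
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "missing": {"Content-Type": "text/html; charset=utf-8"},
    "xfo_deny": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "xfo_sameorigin": {"x-frame-options": "sameorigin"},
    "xfo_allow_from": {"X-Frame-Options": "ALLOW-FROM https://example.com"},
    "csp_none": {
        "X-Frame-Options": "ALLOW-FROM https://example.com",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
    "csp_overrides_xfo": {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors *",
    },
}


def _get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def _verdict_from_sources(sources: List[str]) -> str:
    """Map a CSP source list to a framing verdict; an empty list behaves like 'none'."""
    lowered = [s.lower() for s in sources]
    if not lowered or lowered == ["'none'"]:
        return NOT_FRAMABLE
    if lowered == ["'self'"]:
        return SAME_ORIGIN_ONLY
    if "*" in lowered:
        return ANY_ORIGIN
    return LISTED_ORIGINS


def assess_framing(headers: Dict[str, str]) -> Dict[str, str]:
    """Return {'verdict': ..., 'source': ..., 'detail': ...} for one response's headers."""
    csp = _get_header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            return {"verdict": _verdict_from_sources(sources),
                    "source": "Content-Security-Policy", "detail": csp}

    xfo = _get_header(headers, "X-Frame-Options")
    if xfo is None:
        return {"verdict": ANY_ORIGIN, "source": "none",
                "detail": "no X-Frame-Options and no CSP frame-ancestors"}
    value = xfo.strip().upper()
    if value == "DENY":
        return {"verdict": NOT_FRAMABLE, "source": "X-Frame-Options", "detail": xfo}
    if value == "SAMEORIGIN":
        return {"verdict": SAME_ORIGIN_ONLY, "source": "X-Frame-Options", "detail": xfo}
    # ALLOW-FROM (obsolete) or an invalid value: browsers drop the header entirely.
    return {"verdict": ANY_ORIGIN, "source": "X-Frame-Options (ignored)", "detail": xfo}


def assess_all(samples: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Verdict per labelled sample, convenient for a quick report."""
    return {label: assess_framing(hdrs)["verdict"] for label, hdrs in samples.items()}


if __name__ == "__main__":
    for label, verdict in assess_all(SAMPLE_RESPONSES).items():
        print(f"{label:18s} -> {verdict}")
```

The "missing" sample reproduces the finding in the report: with neither header the verdict is "framable by anyone". To apply this to a live server, feed it the response headers from your own HTTP client; the script itself performs no network access.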