This Blog is about Technology to which our World is Addicted

Friday, 10 July 2015

Found Clickjacking Vulnerability at Login Page

I found a Clickjacking vulnerability at a login page.
Vulnerability Type: Clickjacking
Two links are vulnerable to clickjacking (login pages):
https://auth.api.sonyentertainmentnetwork.com/login.jsp
https://www.oriss.ap.sony.com/Admin/Login.aspx
Vulnerability Description:
Typically there is one type of attack, cross-site request forgery (CSRF), that can interact with functions on other websites.
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>.

2. Save it as .html, e.g. sony.html
3. Then simply open it.

As far as I know this data is enough to prove that your site is vulnerable to Clickjacking.
According to OWASP it's more than enough:
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)
Solution:
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Check this out; here is the solution for that.
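The missing-header check described above, together with the header-based fix the OWASP cheat sheet recommends, as an added example that is not the post's own code: it evaluates constructed response-header sets the way a browser does, treating a Content-Security-Policy frame-ancestors directive as authoritative over X-Frame-Options and flagging a login page that sends neither. The sample names, header values and hostnames are constructed, not captured from the sites named in the post.

```python
"""Audit HTTP response headers for clickjacking (framing) protection.

Added example, not part of the original post. A browser applies
Content-Security-Policy frame-ancestors first; X-Frame-Options is the
fallback; with neither present any origin may frame the page.
"""
import re

# Constructed header sets standing in for real responses (not captured traffic).
SAMPLE_RESPONSES = {
    "unprotected_login": {"Content-Type": "text/html", "Set-Cookie": "JSESSIONID=x"},
    "xfo_sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "xfo_allowfrom": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp_overrides_xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors 'self' https://sso.example"},
    # The corrected configuration: deny framing via both mechanisms.
    "hardened_login": {"X-Frame-Options": "DENY",
                       "Content-Security-Policy": "frame-ancestors 'none'"},
}


def framing_policy(headers):
    """Return (protected, reason) for one response's headers (names case-insensitive)."""
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy", "")
    m = re.search(r"frame-ancestors\s+([^;]+)", csp, re.IGNORECASE)
    if m:
        sources = m.group(1).strip()
        # frame-ancestors is authoritative when present; a wildcard source
        # still leaves the page embeddable from any origin.
        if "*" in sources.split():
            return False, "CSP frame-ancestors allows any origin"
        return True, f"CSP frame-ancestors {sources}"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, f"X-Frame-Options {xfo}"
    if xfo.startswith("ALLOW-FROM"):
        # Obsolete and ignored by current browsers, so it offers no protection.
        return False, "X-Frame-Options ALLOW-FROM is obsolete and ignored"
    if xfo:
        return False, f"invalid X-Frame-Options value {xfo!r}"
    return False, "no X-Frame-Options or CSP frame-ancestors header"


def audit(responses):
    """Map each sample name to its verdict; an unprotected login page is a finding."""
    return {name: framing_policy(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE_RESPONSES).items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {reason}")
```

Against live responses, feed the function the header mapping returned by your HTTP client of choice; a FAIL on a login page is the condition the post reports.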