elevate-lab-website
elevate-lab-website copied to clipboard
Elevate-Lab
Clickjacking (UI Readdressing) https://elevate-lab.github.io/elevate-lab-website/
1.Vulnerability name: Clickjacking
2.Vulnerability Description: Typically there is one type of attack - cross site request forgeries (CSRF) that can interact with functions on other websites. Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or
3.Vulnerable URL: https://elevate-lab.github.io/elevate-lab-website/
4.Steps to reproduce the vulnerability:
a.Open notepad and paste the following code
<html>
Website is vulnerable to clickjacking!
Hello there!👋 Elevate-Lab heartly😃 welcomes you to the project!💖
Thank you and congrats🎉for opening your very first issue in this project.Hope you have a great time there!😄
You may submit a PR if you like! If you want to report a bug🐞 please follow our Issue Template. Also make sure you include steps to reproduce it and be patient while we get back to you.😄
![welcome[bot] avatar](https://avatars.githubusercontent.com/in/4141?v=4 "Published by a pub.dev verified publisher"){kind=small}
Check this issue and let me know. And help me in pull request in Hacktoberfest
1.Vulnerability name: Clickjacking
2.Vulnerability Description: Typically there is one type of attack - cross site request forgeries (CSRF) that can interact with functions on other websites. Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or
3.Vulnerable URL: https://elevate-lab.github.io/elevate-lab-website/
4.Steps to reproduce the vulnerability:
a.Open notepad and paste the following code
Website is vulnerable to clickjacking!
b.Save it as .html eg s.html c.Open the html page in browser
Below is the link for more information https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)
Solution:
The solution is provided on the link below https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
POC: Screenshot attached. Screenshot from 2020-10-15 18-42-47
Regards Mahendra Purbia
Branch issue-194-Clickjacking_UI_Readdressing_https_elevate-lab_github_io/elevate-lab-website created!
![create-issue-branch[bot] avatar](https://avatars.githubusercontent.com/in/36017?v=4 "Published by a pub.dev verified publisher"){kind=small}
@mahendra9661 Did you make any pull request for this issue as I can't see it or anything that I may have missed it reg this convo.?
