What is Clickjacking?
The server did not return an X-Frame-Options header, which means the page may be vulnerable to clickjacking. The X-Frame-Options HTTP response header tells a browser whether it may render the page inside a frame or iframe; sites use it to stop their content from being embedded in other sites. A site can also block framing with the Content-Security-Policy frame-ancestors directive, which browsers enforce in preference to X-Frame-Options, so check both headers before reporting a missing X-Frame-Options header as a finding.

Need Knowledge of:
HTML, CSS, JavaScript

How To Find
Manually: save the following as an HTML file.
<html>
<body>
<iframe src="URL" width="800" height="600"></iframe>
</body>
</html>
Replace URL with the page you want to test and open the file in a browser. If the target page renders inside the frame, it can be framed and is a candidate for clickjacking. If the browser shows a blank frame or a message that the page refused to connect, framing is blocked.
Note: A clickjacking bug is only accepted if the frameable page contains sensitive functionality, e.g. a credit card form, login form or profile edit form. A static page that can be framed is not a vulnerability on its own.
Automated web application scanners such as Acunetix also flag a missing X-Frame-Options header, but always confirm the finding with the manual frame test above, since a page protected by frame-ancestors will not actually be frameable.
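The header check described above, as an added example that is not part of the original post: a Node.js function that decides from a response's headers whether an attacker's origin can frame the page, covering both X-Frame-Options and CSP frame-ancestors. Header names are assumed to be lower-case (as Node's http and fetch APIs return them), the sample responses are constructed for illustration, and checkUrl assumes Node 18+ for the global fetch.

```javascript
// Added example (not from the original post): decide from a response's headers whether
// a page can be framed by an attacker's origin. Header names are assumed lower-case,
// as Node's http and fetch APIs return them; the sample responses are constructed.

function parseFrameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if the policy lacks one.
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map(t => t.toLowerCase());
    }
  }
  return null;
}

function framingProtection(headers) {
  const csp = headers['content-security-policy'];
  const xfo = headers['x-frame-options'];

  // Browsers enforce CSP frame-ancestors in preference to X-Frame-Options, so it is
  // checked first. A Content-Security-Policy-Report-Only header only reports and is ignored.
  if (csp) {
    const ancestors = parseFrameAncestors(csp);
    if (ancestors !== null) {
      // An empty source list, or 'none', blocks every ancestor.
      if (ancestors.length === 0 || ancestors.includes("'none'")) {
        return { frameable: false, reason: "CSP frame-ancestors 'none'" };
      }
      // '*' or a bare scheme such as https: lets any origin on that scheme frame the page.
      if (ancestors.some(a => a === '*' || /^https?:$/.test(a))) {
        return { frameable: true, reason: `CSP frame-ancestors ${ancestors.join(' ')}` };
      }
      return { frameable: false, reason: `CSP frame-ancestors restricted to ${ancestors.join(' ')}` };
    }
  }

  if (xfo) {
    // A header may carry several comma-separated values; DENY and SAMEORIGIN are protective.
    const values = xfo.split(',').map(v => v.trim().toUpperCase());
    if (values.includes('DENY') || values.includes('SAMEORIGIN')) {
      return { frameable: false, reason: `X-Frame-Options ${values.join(', ')}` };
    }
    // ALLOW-FROM is obsolete and current browsers ignore it, as they do any unknown value,
    // so such a header gives no protection.
    return { frameable: true, reason: `X-Frame-Options "${xfo}" is not enforced by current browsers` };
  }

  return { frameable: true, reason: 'no X-Frame-Options or frame-ancestors header' };
}

// Fetch a live page and classify it (Node 18+ has a global fetch). Not called at load time.
async function checkUrl(url) {
  const res = await fetch(url, { redirect: 'manual' });
  const headers = {};
  res.headers.forEach((value, name) => { headers[name.toLowerCase()] = value; });
  return { url, status: res.status, ...framingProtection(headers) };
}

// Constructed sample responses covering the cases that matter in a report.
const SAMPLE_RESPONSES = {
  unprotected: { 'content-type': 'text/html' },
  xfoDeny: { 'x-frame-options': 'DENY' },
  xfoSameOriginLowercase: { 'x-frame-options': 'sameorigin' },
  obsoleteAllowFrom: { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  cspSelf: { 'content-security-policy': "default-src 'self'; frame-ancestors 'self'" },
  cspOverridesXfo: { 'x-frame-options': 'DENY', 'content-security-policy': 'frame-ancestors *' },
  cspEmptyList: { 'content-security-policy': 'frame-ancestors' },
};

for (const [name, headers] of Object.entries(SAMPLE_RESPONSES)) {
  const result = framingProtection(headers);
  console.log(`${name.padEnd(24)} frameable=${result.frameable}  (${result.reason})`);
}
```

The cspOverridesXfo sample is the case that trips up scanners: X-Frame-Options says DENY, but because frame-ancestors * is present the browser ignores X-Frame-Options and the page is frameable. The reverse also happens, where X-Frame-Options is absent but frame-ancestors 'self' blocks framing, which is why a missing header alone is not a finding. To test a live target, run `checkUrl('https://example.com/settings').then(console.log)`.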
Exploit:
Load the target page in an iframe and use the CSS opacity property to make the frame, and with it the target's content, invisible. Build an attractive decoy page underneath it and position the layers so that the decoy button the victim wants to click sits exactly over the sensitive button in the hidden frame; the victim's click then lands on the target page and performs the action you want. While aligning the layers, set the opacity to about 0.5 so both are visible, then set it to 0 for the final proof of concept.