Missing x-frame protection Discovered on: 22nd, January 2017. Research Time: 10:00 p.m to 12:00 a.m. Earn more by display ads on blog with Lithific Ads Well-placed clicks can make you do unintended actions like DELETING your comments if there is no X-frame protection for any web page because it could be embedded in a frame of evil 😈websites. The attackers can place few clickable elements on the page and make the users perform sensitive actions. I was testing on Yahoo! for vulnerabilities on 21st January and thought to check for Clickjacking vulnerability if other attacks couldn't succeed. I was successful in finding clickjacking vulnerability in one of the end points of finance.yahoo.com . I thought of submitting the bug to Yahoo! but unfortunately , this type of vulnerability was out of scope😑. Later I thought of testing Google! because my rank was going down. It was around 10:00 p.m. I was just going through the Google Open Sou
Hi ! I'm a Sofware Engineer, strive to exploit security flaws only on Tech giants, though all the time my attacks go into the graveyard 😕. Guitar🎸 | Bug Bounty🐞🤑 | Love life