Missing x-frame protection
Discovered on: 22nd January 2017. Research time: 10:00 p.m. to 12:00 a.m.
I was testing Yahoo! for vulnerabilities on 21st January and thought I would check for a clickjacking vulnerability if the other attacks couldn't succeed. I was successful in finding a clickjacking vulnerability in one of the endpoints of finance.yahoo.com. I thought of submitting the bug to Yahoo! but unfortunately this type of vulnerability was out of scope 😑.
Later I thought of testing Google! because my rank was going down. It was around 10:00 p.m. I was just going through the Google Open Source blog (domain opensource.googleblog.com), which is where Google posts news about its student programs and software updates. I found that the page itself could be embedded in a frame. 😉
I wrote code in HTML, CSS and JavaScript. The URL of the blog's comment section (domain: apis.google.com) was used as the src value of an <iframe> tag. Using CSS I made the comment section transparent so that the user would not know what he/she is doing. When the code is rendered in a web browser it looks like this.
The following images show what was happening behind the scenes.
In the image below you can see the comments section hidden. After clicking square 1, a drop-down menu is shown. Square 2 is placed on the Delete option, and after clicking "2" an alert box asks whether or not to delete the comment.
After clicking "3"...
The Comment will be deleted 😃
Deleting the comment is one thing in the attack scenario. What else can attackers make users do?
1.) Can EDIT the comments.
2.) Report users comments as ABUSE or SPAM
3.) MUTE others.
4.) +1 on users' comments.
I reported this to Google because the blog's comment section is vulnerable: attackers may delete or edit users' comments. Within 24 hours my report was triaged and sent to the product team. Again I was expecting a "$" in the reply.
After a week I got the reply from the security team...
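The root cause of the bug above is that the framed page carries no anti-framing header. The check below is an added example (not the author's code) that a defender can run over captured response headers: it reports whether X-Frame-Options or a Content-Security-Policy frame-ancestors directive would stop a browser from framing the page. The header sets in SAMPLES are constructed for illustration.

```python
"""Decide whether a response's headers prevent it from being framed."""


def frame_protection(headers):
    """Return (protected, reason) for a dict of HTTP response headers.

    Header names are matched case-insensitively. A CSP frame-ancestors
    directive is evaluated first because browsers that support it ignore
    X-Frame-Options when frame-ancestors is present. A report-only CSP
    header is deliberately not consulted: it never blocks framing.
    """
    lowered = {k.lower(): v for k, v in headers.items()}

    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if "*" in sources:
                return False, "frame-ancestors allows any origin (*)"
            # An empty source list matches nothing, so it behaves like 'none'.
            allowed = " ".join(sources) or "none"
            return True, f"frame-ancestors restricts framing to: {allowed}"

    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, f"X-Frame-Options: {xfo}"
    if xfo.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is ignored by modern browsers"
    if xfo:
        return False, f"unrecognised X-Frame-Options value: {xfo}"
    return False, "no X-Frame-Options or frame-ancestors header"


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "no protection": {"Content-Type": "text/html"},
    "xfo deny": {"X-Frame-Options": "DENY"},
    "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp wildcard": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
}


def audit(samples=SAMPLES):
    """Map each sample name to its (protected, reason) verdict."""
    return {name: frame_protection(h) for name, h in samples.items()}


if __name__ == "__main__":
    for name, (ok, why) in audit().items():
        print(f"{name:14} {'OK ' if ok else 'VULN'} {why}")
```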