Legal Robot: UI Redressing (ClickJacking) Issue on Information submit form

2016-08-27T08:01:37
ID H1:163753
Type hackerone
Reporter babayaga_
Modified 2016-08-29T16:03:25

Description

I found that there is a form for submitting user information to apply for the Beta Program. But this has NO protection against the Clickjacking issue, and this form also needs the following inputs that can be somewhat useful for an attacker.

Information like:

Name, Email, Company

Following is the HTML code I used to test it!

<html>
<!-- Clickjacking Test by KHizer -->
<style>
iframe {
  width: 800px;
  height: 500px;
  position: absolute;
  top: 0;
  left: 0;
  filter: alpha(opacity=50);
  opacity: 0.5;
}
</style>
<iframe src="https://www.legalrobot.com/"></iframe>
</html>

Screenshots attached :D

Thanks, KHIZER JAVED
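
A defender-side check for the protection this report says is missing, added here as an example and not part of the original report: it classifies who may frame a response from its X-Frame-Options and Content-Security-Policy frame-ancestors headers. The function names and sample headers are constructed, and it assumes one policy per header value.

```javascript
// Added example (not from the report): classify who may frame a response,
// based on its headers. Header names are expected lowercased, as Node's
// http module exposes them. Assumes a single policy per header value.

function frameAncestors(csp) {
  // Return the frame-ancestors source list, or null when the directive is absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingVerdict(headers) {
  // Only the enforcing header counts; Content-Security-Policy-Report-Only
  // reports violations but does not stop the page from being framed.
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    const list = sources.map((s) => s.toLowerCase());
    // An empty source list matches nothing, the same as 'none'.
    if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) return 'blocked';
    // A wildcard or a bare scheme lets effectively any site frame the page.
    if (list.some((s) => s === '*' || /^https?:$/.test(s))) return 'any-origin';
    if (list.every((s) => s === "'self'")) return 'same-origin';
    return 'allow-list';
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Missing, misspelled, or obsolete ALLOW-FROM values give no protection
  // in current browsers.
  return 'any-origin';
}

// Constructed sample responses (not captured from any real site).
const samples = {
  noHeaders: {},
  xfoDeny: { 'x-frame-options': 'DENY' },
  xfoAllowFrom: { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  cspNone: { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  reportOnly: { 'content-security-policy-report-only': "frame-ancestors 'none'" },
  cspOverridesXfo: { 'content-security-policy': 'frame-ancestors *', 'x-frame-options': 'DENY' },
};
for (const [name, h] of Object.entries(samples)) console.log(name, framingVerdict(h));
```

A verdict of `any-origin` on a page that hosts a form is the condition the report describes.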