Nextcloud: Clickjacking on

ID H1:662155
Type hackerone
Reporter j4tayu
Modified 2019-11-11T15:23:42


the vulnerability is Clickjacking

Steps for Reproduce:

  1. Create a script like this <title> Clickjacking! </ title> <p> The Site is Vulnerability Clickjacking </ p> <iframe src = "" height = "700px" width = "700px"> </ iframe>

  2. Enter a file name after saving it in the .html format Then the web is Vuln Clickjacking

Sorry bad english (im indonesian)


By using Clickjacking technique, an attacker hijack's click's meant for one page and route them to another page, most likely for another application, domain, or both.