History: Feb 25, 2023 - 9:11 a.m.

UI REDRESSING

2023-02-25 09:11:57
ctflearner
www.huntr.dev
15
web application
ui redressing
frame objects
user interface
clickjacking
x-frame-options
content security policy
framebusting

EPSS

0.001

Percentile

48.8%

Description

The web application does not restrict, or incorrectly restricts, frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is actually interacting with.

Steps To Reproduce

1. Create a new HTML file as shown below, i.e. Test.html
2. Put `<iframe src="http://demo.bumsys.org/" width="1000" height="1000"></iframe>` in it
3. Save the file
4. Open the file (Test.html) in a browser (e.g. Firefox)

File : Test.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Clickjacking Attack</title>
</head>
<body>
    <p>This Page is Vulnerable to Clickjacking</p>
    <iframe src="http://demo.bumsys.org/" width="1000" height="1000"></iframe>
</body>
</html>

Proof of Concept

https://drive.google.com/file/d/12iuOMyGVS9qz5j3638PAVdYvhCipTfbi/view?usp=sharing 

COUNTERMEASURE

It's important to implement the X-Frame-Options header, use a Content Security Policy (CSP) with a frame-ancestors directive, and enable browser-side protections like frame busting.
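The countermeasure above in checkable form: an added Python helper (not part of this report or of the bumsys project) that classifies a response's headers the way a browser would, giving CSP frame-ancestors precedence over X-Frame-Options; all header sets below are constructed samples.

```python
# Added example: decide whether a page's response headers still allow it
# to be framed by another origin, the condition this report describes.
from typing import Dict, List


def _parse_csp(csp: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into directive -> tokens."""
    out: Dict[str, List[str]] = {}
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def frame_policy(headers: Dict[str, str]) -> str:
    """Return 'deny', 'sameorigin', 'restricted' or 'frameable'.

    Per the CSP specification, when a frame-ancestors directive is present
    the browser enforces it and ignores X-Frame-Options entirely.
    """
    h = {k.lower(): v for k, v in headers.items()}
    anc = _parse_csp(h.get("content-security-policy", "")).get("frame-ancestors")
    if anc is not None:
        if anc == ["'none'"]:
            return "deny"
        if anc == ["'self'"]:
            return "sameorigin"
        if any(t in ("*", "http:", "https:") for t in anc):
            return "frameable"
        return "restricted"  # explicit allow-list of framing origins
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "sameorigin"
    # No header, the obsolete ALLOW-FROM form, or a misspelled value:
    # modern browsers then let any origin frame the page.
    return "frameable"


def is_clickjackable(headers: Dict[str, str]) -> bool:
    return frame_policy(headers) == "frameable"


# Constructed samples: the weak response and two hardened variants.
WEAK = {"Content-Type": "text/html"}
HARDENED_XFO = {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"}
HARDENED_CSP = {"X-Frame-Options": "SAMEORIGIN",  # ignored: CSP wins
                "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}
```

Feeding the headers of a real response into `is_clickjackable` gives a quick regression check that the fix stays deployed.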
