Clickjacking Using Simple HTML Script - Codelivly

Uploaded by

enzobouraima
Copyright
© © All Rights Reserved
Clickjacking using simple HTML script


By Rocky, June 10, 2023

Welcome back, fellow cybersecurity enthusiasts! It’s me, Rocky! Today, I want to share with
you an important topic: how I discovered a clickjacking bug using a simple HTML script. During
my recon phase, I initially conducted various tests such as open redirect, XSS and BAC, but
unfortunately I couldn’t find anything interesting.

However, while reviewing the headers, I noticed that the X-Frame-Options header was
missing. This missing header made the website vulnerable to clickjacking, also known as UI
Redressing. Clickjacking is a dangerous technique used to deceive users into clicking on
something other than what they think they’re clicking on. This can potentially lead to the
disclosure of private information or allow attackers to take control of their computers, all while
the users interact with seemingly harmless objects like websites.

For the purposes of the PoC, I used this simple script:

<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<!-- Change the src attribute to the target URL -->
<iframe src="https://example.com" width="500" height="500"></iframe>
</body>
</html>

To mitigate clickjacking attacks, it is crucial to enable the X-Frame-Options header and
implement Content Security Policy (CSP) headers. These measures help protect against UI
Redressing attacks.
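
As an added example (not part of the original post), the following check classifies a response's framing protection from its X-Frame-Options and CSP headers, so the missing-header condition described above can be verified on your own site and re-checked after the fix. The function names, verdict labels and sample headers are constructed for illustration; the CSP directive that governs framing is frame-ancestors.

```python
# Added example: classify a response's framing protection from its headers.
# Names and sample headers are constructed; nothing here is from the original post.
BROAD = {"*", "http:", "https:"}  # sources that let almost any site embed the page

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]  # first occurrence wins
    return None

def framing_verdict(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    lists = [s for s in map(frame_ancestors, csp) if s is not None]
    if lists:
        # With an enforced frame-ancestors, browsers ignore X-Frame-Options.
        # Every policy must allow the embedder, so one tight list suffices.
        return "protected" if any(not BROAD & set(s) for s in lists) else "weak"
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return "protected"
    # ALLOW-FROM is obsolete and unsupported by current browsers.
    return "weak" if xfo else "missing"

SAMPLES = {  # constructed response headers
    "no framing headers": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "xfo allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp self + xfo": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'"),
                       ("X-Frame-Options", "SAMEORIGIN")],
    "csp wildcard overrides xfo": [("Content-Security-Policy", "frame-ancestors *"),
                                   ("X-Frame-Options", "DENY")],
    "report-only csp": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:28} {framing_verdict(hdrs)}")
```

Sending both `Content-Security-Policy: frame-ancestors 'self'` and `X-Frame-Options: SAMEORIGIN` covers browsers that only understand the older header.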
If you’re interested in learning more about cybersecurity, stay tuned for upcoming articles,
where we’ll explore various cybersecurity topics. Thank you for joining me today!
