Clickjacking using simple HTML script

Welcome back, amazing readers! Today, I want to share with you an important topic: how I discovered a clickjacking bug using simple HTML script. During my recon phase, I initially conducted various tests such as Open redirect, XSS and BAC but unfortunately, I couldn’t find anything interesting.

However, while reviewing the headers, I noticed that the X-Frame-Options header was missing. This missing header made the website vulnerable to clickjacking, also known as UI Redressing. Clickjacking is a dangerous technique used to deceive users into clicking on something other than what they think they’re clicking on. This can potentially lead to the disclosure of private information or allow attackers to take control of their computers, all while interacting with seemingly harmless objects like websites.

For the purpose of POC, I used this simple script:

        <title>Clickjack test page</title>
        <iframe src="" width="500" height="500"></iframe>       <!-- Change the src attribute to the target URL -->

To mitigate clickjacking attacks, it is crucial to enable the X-Frame-Options header and implement Content Security Policy (CSP) headers. These measures help protect against UI Redressing attacks.

If you’re interested in learning more about cybersecurity, Stay tuned for upcoming articles where we’ll explore various cybersecurity topics. Thank you for joining me today!

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site


Scroll to Top