Click-jacking vulnerability

Most websites are affected by click-jacking, and its threat severity is usually rated low compared to other vulnerabilities.

Yes, we fully agree with that severity rating. But from a hacker's perspective this is a plus point: a low-priority vulnerability that is left unpatched gives them a way in, and through it they can get a shell on the user's system. The attack is aimed at the client, so it is best described as a client-side attack.

Click-jacking:

Click-jacking is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes they are interacting with. This type of attack, which can be used alone or in combination with other attacks, could potentially send unauthorized commands or reveal confidential information while the victim is interacting with seemingly harmless web pages.

The attacker simply inserts a malicious web link into the vulnerable website through an iframe. Once the malicious link is in place, any end user who clicks it is redirected to a malicious page that asks them to enter their credentials or personal details.

Many organizations ignore low-priority vulnerabilities and focus on the high and critical ones. Patches are applied to those high and critical vulnerabilities while the low-priority ones are missed out. In this way we invite hackers to exploit our environment, and end-user protection is not maintained.

Example: a hacker uploads a malicious link, pointing to a fake Facebook page, into the vulnerable website. When a user visits the website and clicks the malicious link, he or she is redirected to the fake Facebook page and enters their credentials there, with which the hacker compromises the victim's Facebook account.

So every website owner is advised to patch such vulnerabilities and safeguard end users from being attacked on the Internet. Educate clients about low-priority vulnerabilities and how an attacker can make use of them.

During a vulnerability assessment, please do not consider only high and critical vulnerabilities; also consider the low-priority vulnerabilities that can be attacked.

More details about click-jacking, including how to test for it, are given in the link below:

Reference - OWASP documents

Regards,

Kiran vijay.v
