[MacPorts] #62680: UI Redressing leads to perform unauthenticated Actions
MacPorts
noreply at macports.org
Mon Apr 12 04:28:17 UTC 2021
#62680: UI Redressing leads to perform unauthenticated Actions
-----------------------------+--------------------
Reporter: ImPRINCE99 | Owner: (none)
Type: request | Status: new
Priority: High | Milestone:
Component: website | Version:
Keywords: Reporting a Bug | Port:
-----------------------------+--------------------
Hello, I am Chirag Prajapati, a Certified Penetration Tester and Ethical
Hacker; my license no. is 10188-161-078-1726.
I found a CRITICAL vulnerability on your website: macports.org
This vulnerability is about clickjacking!
INTRODUCTION
=============================
Clickjacking, also known as a "UI redress attack", is when an attacker
uses multiple transparent or opaque layers to trick a user into clicking
on a button or link on another page when they were intending to click on
the top-level page.
It is a malicious technique of tricking a user into clicking on something
different from what the user perceives, thus potentially revealing
confidential information or allowing others to take control of their
computer while they click on seemingly innocuous objects, including web
pages.
DESCRIPTION
=================================
The website "macports.org" is vulnerable to a clickjacking attack. One of
the main impacts is that the domain contains a user login field, which
makes the impact high. The server didn't return an X-Frame-Options
header, which means that this website could be at risk of a clickjacking
attack. The X-Frame-Options HTTP response header can be used to indicate
whether or not a browser should be allowed to render a page in a <frame>
or <iframe>. Sites can use this to avoid clickjacking attacks by ensuring
that their content is not embedded into other sites.
STEPS TO REPRODUCE
=====================================
Make the simple script below and put the vulnerable domain in it.

<!DOCTYPE HTML>
<html lang="en-US">
  <head>
    <meta charset="UTF-8">
    <title>I Frame</title>
  </head>
  <body>
    <h3>clickjacking vulnerability by Chirag Prajapati</h3>
    <iframe src="https://www.macports.org/" height="550px" width="700px"></iframe>
  </body>
</html>

Save it as an HTML file and open it in a browser!!
IMPACT
=================================
The user assumes that they're entering their information into a usual form,
but they're actually entering it into fields the hacker has overlaid on
the UI. Hackers will target passwords, credit card numbers and any other
valuable data they can exploit.
SOLUTION
=================================
* Sending the proper X-Frame-Options HTTP response headers that instruct
the browser not to allow framing from other domains.
* Employing defensive code in the UI to ensure that the current frame is
the top-level window.
* Most modern web browsers support the X-Frame-Options HTTP header. Ensure
it's set on all web pages returned by your site. If you expect the page to
be framed only by pages on your server (e.g. it's part of a FRAMESET),
then you'll want to use SAMEORIGIN; otherwise, if you never expect the
page to be framed, you should use DENY. ALLOW-FROM allows specific
websites to frame the web page in supported web browsers.
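As an added illustration of the header semantics described above (not part of the ticket), the following script evaluates whether a response's anti-framing headers would let a given origin embed the page. It treats the origins and header sets as constructed samples, and applies the rule that a CSP frame-ancestors directive takes precedence over X-Frame-Options while the obsolete ALLOW-FROM value is ignored by modern browsers.

```python
"""Decide whether a page's response headers permit framing by another origin.

Added example, not the ticket's or the project's code. Header sets and origins
below are constructed to show each case, not captured from a live server.
"""


def framing_allowed(headers, page_origin, framer_origin):
    """Return True if a browser would render page_origin inside a frame on
    framer_origin, given the page's response headers (keys case-insensitive).

    Handled: CSP frame-ancestors with 'none', 'self' and full-origin host
    sources (wins over X-Frame-Options when both are present), and
    X-Frame-Options DENY / SAMEORIGIN. ALLOW-FROM, a missing header or a
    malformed value are treated as "no protection", which is how modern
    browsers behave."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = page_origin.lower(), framer_origin.lower()
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if not parts or parts[0].lower() != "frame-ancestors":
            continue
        allowed = set()
        for src in parts[1:]:
            s = src.strip("'").lower()
            if s == "none":
                return False
            allowed.add(page if s == "self" else s)
        return framer in allowed
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    return True  # absent, ALLOW-FROM or unrecognised value: page is framable


def audit(headers, page_origin="https://www.macports.org"):
    """Short verdict: can an unrelated (constructed) origin frame the page?"""
    if framing_allowed(headers, page_origin, "https://third-party.example"):
        return "framable by third-party origins"
    return "protected"


if __name__ == "__main__":
    samples = {  # constructed header sets for each situation in the ticket
        "no anti-framing header": {"Content-Type": "text/html"},
        "X-Frame-Options DENY": {"X-Frame-Options": "DENY"},
        "X-Frame-Options SAMEORIGIN": {"X-Frame-Options": "SAMEORIGIN"},
        "obsolete ALLOW-FROM": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        "CSP frame-ancestors 'self'": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    }
    for name, hdrs in samples.items():
        print(f"{name:28s} -> {audit(hdrs)}")
```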
REFERENCES
==================================
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Clickjacking_Defense_Cheat_Sheet.md
https://hackerone.com/reports/299009
Looking forward to hearing from you!
--
Ticket URL: <https://trac.macports.org/ticket/62680>
MacPorts <https://www.macports.org/>
Ports system for macOS