Skip to main content

Click-jacking or UI Redressing

By





Hi! Just want to share my finding, I have found Click-jacking or UI Redressing Vulnerability in  on Google Map, enjoy ;-)



This bug was reported to Google Security Team, fixed immediately.

About


Title: ClickJacking or UI Redressing on Google Map

Business Risk: Normal

Discovery Date: October 8, 2013

Author: Jitendra Jaiswal (me)

Poc Details 

Impact On victim : 
1. attacker change victim profile pic by useing his webcam and upload
2. update status acording to attacker




Best,

Jeet Jaiswal


Comments

Post a Comment

Popular posts from this blog

Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com

By
http://parse.com   directory traversal vulnerability Little Insight: http://parse.com  was vulnerable to a directory traversal / RCE vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem. or Run commend on That Well this is my 4th reward form facebook  Directory Traversal or RCE Vulnerability  That  give me 5th position in Facebook white-hat Page Report Date :23  July 2014 Reward For Directory Traversal or RCE Vulnerability :  20000$ How This work......? As we discussed earlier on my old post  Flowdock Directory Traversal Vulnerability exposed files outside of Rails’ view paths. '%5C' turns into '\' after decoding. Using Rack::Protection    it only rejects '/../' segments in the request path.   patch apply for Rack::Protection acording CVE-2014-0130  and  also Reject now '%5C' turns into '\' af...
Post a Comment
Read more

HC WeB : A Browser for HACKERS...

By
A Browser for HACKERS... Try for Free... Download HC WeB Setup Gallery: Online Penetration Testing Tools Index Information Gathering Whois DNS Location Info Enumeration and Fingerprint Data Mining Search Engines Editors Online Text Editors Share Text Snippets Network Utilities Ping HTTP HTTPS VNC Remote Desktop SSH DNS Sniffers Misc Forensics Frameworks URL Cloaking E-mail Password Cracking Encoders and Decoders Encoders Decoders Malwares Malware Analysis Identify Malicious Websites Suspected Malicious IPs and URLs Application Auditing SQL Injection Cross Site Scripting File Inclusion Anonymity Proxy Others Hackery Open Penetration Testing Bookmarks Collection Hacker Media Blogs, Forums, Magazines and Videos. Methodologies Penetration testing frameworks, standards and methodologies. OSINT Presentations, People, Organizations and Infrastructure.  Exploits an...
Post a Comment
Read more