Skip to main content

Click-jacking or UI Redressing

Hi! Just want to share my finding, I have found Click-jacking or UI Redressing Vulnerability in  on Google Map, enjoy ;-)

This bug was reported to Google Security Team, fixed immediately.


Title: ClickJacking or UI Redressing on Google Map

Business Risk: Normal

Discovery Date: October 8, 2013

Author: Jitendra Jaiswal (me)

Poc Details 

Impact On victim : 
1. attacker change victim profile pic by useing his webcam and upload
2. update status acording to attacker


Jeet Jaiswal


Post a Comment

Popular posts from this blog


This post will demonstrate a simple bug which will lead to a full takeover of any Facebook account, with  no user interaction . Enjoy. Facebook gives you the option of linking your mobile number with your account. This allows you to receive updates via SMS, and also means you can login using the number rather than your email address. The flaw lies in the  /ajax/settings/mobile/confirm_phone.php  end-point. This takes various parameters, but the two main are  code , which is the verification code received via your mobile, and profile_id , which is the account to link the number to. The thing is,  profile_id  is set to your account (obviously), but changing it to your target’s doesn’t trigger an error. To exploit this bug, we first send the letter  F  to  32665 , which is Facebook’s SMS shortcode in the UK. We receive an 8 character verification code back. To exploit this bug, we first send the letter  F  to  51555 , which is Facebook’s SMS shortcode in the India. We receive

Evil App Steal Facebook Access Token

Evil App Steal Facebook Access Token  Facebook say about this users Responsible for this its not an issue for facebook so After 3 month i am disclose this may be now they make some change but its still work .......  so users not allow any app to access your data on facebook or dont login anywhere using Facebook may be this an Attacker and After steal your Facebook Access Token he Can Hack your facebook Account  Easily....  [#] Title           :   Evil App Steal Facebook Access Token  [#] Status        :  Unfixed [#] Severity     :  very High [#] Works on  :  Any browser with any version [#] Homepage  : [#] Author       :  Jitendra Jaiswal [#] Email          : This Vulnerability is exploitable to all users who are use facebook apps and allow access of apps an attacker can modify all app setting in url Impact of Vulnerability: An attackers can store  user access token with 2 month no Expires also token not expire if user