Get All your Clickjacking Vulnerability Triaged with this Exploitation!😎
Hi, Ajak Amico’s welcome back to another blog today, so Everybody would have reported a clickjacking bug in your bug bounty journey right?, but what will be your status, probably P5 or informative right? we can change that to P4 from on with this blog💪. So recently I saw a GitHub page from a cybersecurity researcher named Shifa123 on how to increase the impact of clickjacking bug, I will share that method, step by step now! Before starting, if you haven’t subscribed to our channel, do subscribe, guys. Contents related to cyber security, Bug Bounty, and Digital Forensics Investigation.👇
Follow our Youtube Channel: @ajakcybersecurity (354Videos)
Follow on Instagram: @ajakcybersecurity
What is clickjacking?
Clickjacking is an attack that tricks a user into clicking a webpage element that is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.
How to Increase the Impact?
- Go to this GitHub link! https://github.com/shifa123/clickjackingpoc
- Clone the Git URL and open your Kali Linux!
- open a terminal and type the following command👇
git clone https://github.com/shifa123/clickjackingpoc
cd clickjackingpoc
- Now we are going to capture the username and password on our local server, so enter the following command now👇
php -S localhost:8000
- Now go to your browser and type localhost:8000
- Now you will have a web page loaded like the below screenshot
- Now in the URL just type your target URL Eg:(http://testphp.vulnweb.com)
- Now your page looks like this
- Now Simply drag and drop the Login button and password button exactly in the position where your target username and password position is, as shown in the screenshot below
- Ok, we are all set now! Now first click on the load button and next click View Button, you will have a webpage like this now👇
- Now simply enter your username and click login! Boom! your password is captured In our backend! and you will get an alert
Extra Tips:
- Yes, your POC is ready now!
- Now while submitting in bugcrowd or Hackerone, record the POC like this and show this following impact.
- Your Status will be from informative to Triaged!😎
- To make it even better, you can change the size of the login and password button according to your Target(username and password ) size
- Since this is an open-source project, we can change any code according to our convenience.
- If you hit HOF, don’t forget to give credits for this blog❤️, To support more you can buy me a coffee also🙌😁
- If you have doubts on exploitation, feel free to pin me on Instagram 👍
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Hope you would have learned some information from this blog if so, kindly press that follow button for further updates. Best wishes from Ajak Cybersecurity.❤️
“கற்றவை பற்றவை🔥”
Learn Everyday, Happy Hacking 😁🙌
https://www.buymeacoffee.com/Ajak
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Follow our Youtube Channel: @ajakcybersecurity
Follow on Instagram: @ajakcybersecurity
