Member-only story
CLICKJACKING TO OBTAIN LOGIN CREDENTIALS
Free Article Link: Click for free!
Hey guys! Hope you all are doing fine. As I was approached by many community members asking to share with them some insights regarding my bounties, so I thought what better way to do it…than doing a write-up.
In today’s topic, I will be sharing my first ever encounter with clickjacking that persisted on a login form. But before that let’s shed some light on what clickjacking is?
Clickjacking is basically a portmanteau of words including “click” and “hijacking”, meaning hijacking someone’s click and using it for malicious purposes.
An attacker embeds the vulnerable site within a transparent iframe inside the attacker’s own website and overlays it with objects such as a button using CSS thus tricking the user into performing unintended actions on the vulnerable site.
Due to the way it’s implemented, the focus of the term “UI redressing” was changed to describe the category of these attacks, rather than just clickjacking itself.
Usually, it is described as a low-tier finding but since in my case it existed on a login form that could potentially be…
