-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability type Click Jacking #1456
Comments
Thanks for your contribution to Nuxt!
Issues that are labeled as |
Yes I still can reproduce this issue after you update you version. Here are the steps to reproduce the vulnerability: 1.open notepad and paste the following code. <title>i Frame</title> This is clickjacking vulnerable <iframe src=" https://nuxtjs.org/ " frameborder="2 px" height="500px" width="500px"></iframe> 2.save it as .html eg s.html3.and just simply open that... OR |
This still applies to |
As long as it's SSG, we cannot do much about it as we don't control the headers (as far as I know). Anyway, we don't use cookie for our websites so should be fine, and if they are, we are using the SameSite lax policy. |
Hi team,
This time i founded this vulnerability in your website:
https://nuxtjs.org/
Click jacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a click jacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or <iframe>. Sites can use this to avoid click jacking attacks, by ensuring that their content is not embedded into other sites.
This vulnerability affects Web Server.
Here are the steps to reproduce the vulnerability:
1.open notepad and paste the following code.
<title>i Frame</title>This is clickjacking vulnerable
<iframe src=" https://nuxtjs.org/ " frameborder="2 px" height="500px" width="500px"></iframe>2.save it as .html eg s.html
3.and just simply open that...
OR
Copy the link below and paste on your updated browser (Chrome,Firefox).
https://clickjacker.io/test?url=https://nuxtjs.org/
As far as i know this data is enough to prove that your site is vulnerable to Click jacking
according to OWASP its more than enough.
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)
SOLUTION:
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Check this out and here is the solution for that.
I Hope that you will fix this issue as soon as possible. Looking forward to hear from you. Thank you
Sincerely,
Hassan Raza
The text was updated successfully, but these errors were encountered: