In this article, we explain how to find a clickjacking vulnerability. We have already covered the clickjacking vulnerability in an earlier article; if you have not read it, you can read it as well: how to do clickjacking attack
Here we show how a website can be harmed when it has a clickjacking vulnerability, by solving a practical lab.
If you find a clickjacking vulnerability in a website, you can earn a good bounty. It is also easy to find a clickjacking vulnerability; you just need the code.
Note – This article is for educational purposes only. Don't misuse your knowledge and skills.
What is a ClickJacking vulnerability?
In a clickjacking vulnerability, a hacker hides a website behind a web page of his own. The normal user clicks on the hacker-created page for some other reason.
In reality, the click lands somewhere on the hidden website. Let us understand this through an example. You will also be given the code used to find a clickjacking vulnerability.
Suppose there is a website that is vulnerable to clickjacking. A hacker creates a web page with a button on it, and the vulnerable website is hidden in the background.
That button is placed deceptively. When a normal user clicks the button on the hacker's web page, the click actually lands on a button of the hidden website. This is how a clickjacking vulnerability works.
ClickJacking vulnerability Lab
Let us now solve a clickjacking lab. Through the lab you will be able to see how much damage can be done to a website if this bug occurs in it.
First, access the lab; as you can see in the image, the lab opens in this way. If you want, you can solve the lab for this vulnerability on the PortSwigger website.
Next, visit this website, where you will find the username and password; as you can see in the image, the password has been dumped there.
After that, visit the website and log in with the credentials shown here. These are the login credentials obtained from the password dump on Pastebin.
At the next step, you are asked for the code for 2-step verification. We do not have any code here, but this lab is vulnerable to clickjacking.
So we can bypass the 2-step verification through the clickjacking vulnerability. At the next step you get the code, as you can see in the image; this code was also given to you in the earlier clickjacking article.
After that, you are given a command that you have to run here. In reality, you do not have to do this for bug hunting.
To find a clickjacking vulnerability, you have to prepare a fake website, which you can host anywhere. Here it is hosted on a local server, which is why this command was run.
After that, you get a link to the malicious email, which you have to open. The mail shows a website that you have to visit. In a real case, a clickjacking vulnerability can be exploited in the same way.
Just pay attention to how much damage the bug can do to the website in which you found it. Put simply, you have to show the full impact of the bug.
When you open the website, you will see an option to increase and decrease the opacity, as you can see in the image. In the background you can see that the button is aligned with the disable two-step verification control.
After this you will see that 2-step verification has been bypassed and the account has been accessed. This is how you find this bug in reality; the link to the code is given to you.
An earlier article explained how to use that code. If you have not read it, read it first; only then will you be able to use it.
We hope that you now understand the clickjacking vulnerability. We have explained it here by solving a lab, and you have also been given the download link for the code.
You can find more labs on this bug on the PortSwigger website and practice by solving them. You can likewise solve labs for vulnerabilities such as cross-site scripting attacks and CSRF.
There is no single method for finding a clickjacking bug. You can find other methods on the PortSwigger website, which has many labs; solving them improves your skills.
If you like this article, please share it. You have supported our website so much, and we hope that you will support our other website equally.