Search the Community
Showing results for tags 'clickjacking'.
Hi Team, #Affected Vendor: http://lcms.chamilo.org/ #Date: 27/03/2015 #Discovered by: Joel Vadodil Varghese #Type of vulnerability: Clickjacking #Tested on: Windows 7 #Product: LCMS Connect #Version: 4.1 #Description: Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. Chamilo LCMS is a completely new software platform for e-learning and collaboration. Framing involves placing one webpage within another webpage by use of the iframe HTML element. One familiar use of iframes is to embed maps within web pages. LCMS connect is susceptible to clickjacking attack. #Proof of Concept (PoC): ------------------------------------ <iframe src="http://localhost/Chamilo/" sanboxed width=900 height=900> Please check me out !!!! </iframe> -- Regards, *Joel V* Source
# Affected software: 4images # Type of vulnerability: clickjacking,xss # URL: http://www.4homepages.de/ # Discovered by: Provensec # Website: http://www.provensec.com # Description: 4images is a powerful web-based image gallery management system. Features include comment system, user registration and mangagement, password protected administration area with browser-based upload and HTML templates for page layout and design. # Proof of concept 1st:click jacking --: 4images was vuln to clickjacking which could be exploited and used to delete category http://i.imgur.com/vqfz8Lk.png clickjacking poc -: http://prntscr.com/670r9b 2nd: xss adding a new category with xss payload leads to persistent xss vuln http://prntscr.com/670rmi -- Best Regards, *Ankit Bharathan.* *Save Energy... Save Nature... Go Green...* P *Consider the environment. Please don't print this e-mail unless absolutely necessary.* Source