Rediffmail Vulnerable To Click Jacking Vulnerability (Rediffmail Clickjacking)
Hello friends
Today I will show you how I found clickjacking in Rediffmail.com.
First, if you don't know about clickjacking, then Click Here To Know About It
First I tried to load Rediffmail in an iframe, as per the concept of clickjacking.
I forgot to take this screenshot, so I am skipping this step.
Then I thought, why not try to load the Rediffmail settings page in an iframe, hoping I would get a good response.
After loading, I succeeded in loading the Rediffmail settings page in an iframe, as shown.
Then I created an online free prize offer to lure the victim.
Here you can see I created some stuff at the bottom, middle and center.
Now finally I hid this page in an iframe ;-) Like this
As you can see, the page is hidden now. If I send this page, by hosting it or directly, and the victim opens it and follows these steps,
then he will change his mobile number to my mobile number.
Then I can reset his password using my mobile number.
I reported this vulnerability to Rediffmail, but no reply came from their side,
so I reported it to ehackingnews.com... Thanks to Sabari for posting this article.
You can see another article Here
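
A defender-side check for the condition this post describes (a settings page rendering inside another site's iframe), as an added example that is not part of the original post. It evaluates a response's `X-Frame-Options` and CSP `frame-ancestors` headers the way a browser would; the function names, origins and header values are constructed for illustration, and only a subset of CSP source expressions is handled.

```javascript
// Added example (not from the original post). Origins are passed as normalized
// strings such as "https://mail.example"; all sample values are constructed.
function sourceMatches(src, embedder, pageOrigin) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder === pageOrigin;
  if (s === "*") return true;
  // Subset of CSP host-source syntax: scheme://[*.]host[:port]
  const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)(?::(\d+))?$/.exec(s);
  if (!m) return false; // other source forms are outside this sketch
  const [, scheme, wild, host, port] = m;
  const e = new URL(embedder);
  const defaultPort = scheme === "https" ? "443" : "80";
  if (e.protocol !== scheme + ":") return false;
  if ((e.port || defaultPort) !== (port || defaultPort)) return false;
  // "*.host" matches subdomains only, never the bare host itself.
  return wild ? e.hostname.endsWith("." + host) : e.hostname === host;
}

function canBeFramed(headers, embedder, pageOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // Only the enforcing header counts; Content-Security-Policy-Report-Only
  // blocks nothing. Comma-separated policies are each enforced: all must allow.
  const ancestors = (h["content-security-policy"] || "")
    .split(",")
    .map((policy) => policy.split(";").map((d) => d.trim().split(/\s+/))
      .find((d) => d[0].toLowerCase() === "frame-ancestors"))
    .filter(Boolean);
  if (ancestors.length > 0) {
    // frame-ancestors supersedes X-Frame-Options when both are sent.
    return ancestors.every((d) =>
      d.slice(1).some((src) => sourceMatches(src, embedder, pageOrigin)));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder === pageOrigin;
  return true; // missing, invalid, or obsolete ALLOW-FROM: no framing protection
}
```

A `true` result for an account-settings response with a foreign embedder origin is the finding to fix, by sending `Content-Security-Policy: frame-ancestors 'self'` (or `'none'`) together with `X-Frame-Options` for older browsers.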