Google Cloud Print ClickJacking Vulnerability

August 26, 2016

Last weekend, I had a chance to use the Google Cloud Print service and found a clickjacking vulnerability. Obviously, the X-Frame-Options response header was missing, as shown in the image below.

According to the new Google bug bounty program, a clickjacking vulnerability that is performed using two clicks will not be considered for the VRP or as a bug. That's why this vulnerability is not considered by the Google Security team.

As this vulnerability doesn't matter to Google, we would like to release the clickjacking vulnerability POC publicly. The working POC can be viewed here.
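The missing-header condition described above can be checked from the defender's side by inspecting a response for anti-framing headers. The following is an added example, not part of the original post or its POC; the function name `framing_protection` and the sample headers are constructed for illustration, and the check also covers the CSP `frame-ancestors` directive, which the post does not mention.

```python
def framing_protection(headers):
    """Return (protected, findings) for a list of (name, value) response headers.
    protected is True only when a header unambiguously restricts framing."""
    findings, protected = [], False
    xfo, csp = [], []
    for name, value in headers:
        n = name.strip().lower()
        if n == "x-frame-options":
            # One header line may carry several comma-separated values.
            xfo += [v.strip().upper() for v in value.split(",") if v.strip()]
        elif n == "content-security-policy":
            csp.append(value)
    # Every CSP policy is enforced, so one restrictive frame-ancestors is enough.
    for policy in csp:
        for directive in policy.split(";"):
            parts = directive.split()
            if not parts or parts[0].lower() != "frame-ancestors":
                continue
            sources = [s.lower() for s in parts[1:]]
            if not sources:
                findings.append("frame-ancestors has no source list")
            elif any(s in ("*", "http:", "https:") for s in sources):
                findings.append("frame-ancestors allows arbitrary origins")
            else:
                protected = True
                findings.append("frame-ancestors: " + " ".join(sources))
            break  # only the first frame-ancestors in a policy is used
    # ALLOW-FROM is obsolete; conflicting values are reported as a
    # misconfiguration to fix rather than counted as protection.
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif set(xfo) in ({"DENY"}, {"SAMEORIGIN"}):
        protected = True
        findings.append("X-Frame-Options: " + xfo[0])
    else:
        findings.append("X-Frame-Options invalid or conflicting: " + ", ".join(xfo))
    return protected, findings

# Constructed sample responses (not captured from any real service).
SAMPLES = {
    "no anti-framing headers": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "obsolete allow-from": [("X-Frame-Options", "ALLOW-FROM https://example.com")],
    "csp self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "csp wildcard": [("Content-Security-Policy", "frame-ancestors *")],
}
if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_protection(hdrs))
```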

 
