Last weekend, I had a chance to use the Google cloud print service and found Clickjacking vulnerability. Obviously, X-Frame-Options response header was missing as shown in the below image.
According to the new Google bug bounty program, if clickjacking vulnerability is performed using two clicks will not be considered for VRP or bug. That’s why this vulnerability is not considered by the Google Security team.
As this vulnerability doesn’t matter to Google, that’s why we would like to release the Clickjacking vulnerability POC publicly. The working POC can be viewed here.
Looking to strengthen your security posture? SecureLayer7 helps organizations identify vulnerabilities, reduce risk, and defend against evolving cyber threats. Contact our experts to get started.