Google Cloud Print ClickJacking Vulnerability
vBulletin SQL Injection Exploit in the Wild CVE-2016-6195
July 18, 2016
Learn About Race Conditions Vulnerability
October 1, 2016
at
Last weekend, I had a chance to use the Google cloud print service and found Clickjacking vulnerability. Obviously, X-Frame-Options response header was missing as shown in the below image.
According to the new Google bug bounty program, if clickjacking vulnerability is performed using two clicks will not be considered for VRP or bug. That’s why this vulnerability is not considered by the Google Security team.
As this vulnerability doesn’t matter to Google, that’s why we would like to release the Clickjacking vulnerability POC publicly. The working POC can be viewed here.
Sandeep Kamble
Sandeep Kamble is Founder and CTO of SecureLayer7. You can find him on twitter @sandeepL337
