Bounty Hunter Vulnerability Found

  • carlosmdlf

    (@carlosmdlf)


    2 years ago

    Hi there, So I got this blackmaililing email from a supposed Bounty hunter “ethical” hacker who is asking me for money, since I don′t know much about IT I hope maybe someone here who knows better can help to:
    A: Tell if this is true.
    B: Should I do something about it (I mean the supposed bug/vulnerability).
    Thanks a lot for your help.

    “Hi Team,

    I’m a bug bounty hunter and ethical hacker. I provide solutions to organizations to achieve their digital innovation outcomes without compromise on security by delivering a true cybersecurity service ensuring your products and services work seamlessly. I have pinpointed a potential breach in your website, kindly review the report.

    Bug type : UI Redressing

    Impact : Phishing (Account Compromise)

    Description : Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is “hijacking” clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

    Proof Of Concept:

    <body>
    <h1> Clickjacking in your website </h1>
    <iframe width=”1000″ height=”500″ src=” swapmyvan.com/login “/>
    </body>

    Impact:The site can also be opened in an iframe after the user has logged it making it hard for the user to avoid phishing. A user can be tricked into downloading a malicious file that an attacker wants a user to download, allowing an attacker to gain access to the user’s device.

    Remediation: Add an iframe destroyer in the header of the page.

    Note: It’s not just the login page that is affected by this vulnerability. I hope to receive a reward for the responsible disclosure of the vulnerability waiting for your response. You can contact me if you need more information.”

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Mykyta Synelnikov

    (@nsinelnikov)

    Hi @carlosmdlf

    Most likely this may relate to the overall security of your site and protecting it from being used for the purposes of an attacker.

    WordFence should help.

    Let me know if you have any questions,
    Best Regards!

    Thread Starter carlosmdlf

    (@carlosmdlf)

    Hi @nsinelnikov, actually I have Wordfence installed and running, and yet I received this. What is more my whole site fell down for some reason I don′t get and all of the pages except the main are giving 404 error, and I am not sure if this 2 things are related or not…
    Ex of page with error:

    https://swapmyvan.com/login

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Bounty Hunter Vulnerability Found’ is closed to new replies.