Tuesday, 23 April 2013

Rediffmail Clickjacking


Rediffmail Vulnerable to Clickjacking (Rediffmail Clickjacking)


Hello friends,

Today I will show you how I found clickjacking in Rediffmail.com.

First, if you don't know about clickjacking, Click Here To Know About It.

First I tried to load Rediffmail in an iframe, which is the basic concept of clickjacking.

I forgot to take this screenshot, so I am skipping this step.


Then I thought: why not try to load the Rediffmail settings page in an iframe? I hoped I would get a good response.

After loading, I succeeded in loading the Rediffmail settings page in an iframe, as shown:


Then I created a fake online free prize offer to lure the victim.

Here you can see I created some stuff at the bottom, middle and center.

Now finally I hide the settings page in the iframe ;-) like this:




As you can see, the page is hidden now. If I send this page to the victim (by hosting it or by sending it directly) and the victim opens it and follows these steps, he will change his mobile number to my mobile number.

Then I can reset his password using my mobile number.
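The settings page could be framed at all because its response set no framing restriction. The checker below is added here as an example (not the post's or Rediffmail's code; header sets and URLs are constructed) and evaluates X-Frame-Options and CSP frame-ancestors the way a browser does, so a defender can confirm a sensitive page like this one cannot be loaded inside a lure page.

```python
from urllib.parse import urlsplit

def _origin(url):
    # Scheme + host[:port] of a URL, lowercased, e.g. "https://mail.example.com".
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def _source_matches(src, page_origin, top_origin):
    # Match one frame-ancestors source expression against the embedding origin.
    # Handles 'none', 'self', *, origin and host forms (with a *. wildcard);
    # scheme-only sources such as "https:" are deliberately not handled here.
    s = src.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        return top_origin == page_origin
    if s == "*":
        return True
    scheme, host = s.split("://", 1) if "://" in s else ("*", s)
    top_scheme, top_host = top_origin.split("://", 1)
    if scheme not in ("*", top_scheme):
        return False
    if host.startswith("*."):
        return top_host.endswith(host[1:]) and top_host != host[2:]
    return host == top_host

def frameable(headers, page_url, top_url):
    """True if a browser would render page_url inside a frame on top_url.
    CSP frame-ancestors, when present, overrides X-Frame-Options (per the CSP
    spec); with neither header the page is frameable from anywhere, which is
    what the settings page above allowed. An empty source list means 'none'."""
    h = {k.lower(): v for k, v in headers.items()}
    page_origin, top_origin = _origin(page_url), _origin(top_url)
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return any(_source_matches(p, page_origin, top_origin) for p in parts[1:])
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return top_origin == page_origin
    return True  # no framing protection at all

# Constructed sample responses; these are not Rediffmail's real headers.
UNPROTECTED = {"Content-Type": "text/html"}
XFO_SAMEORIGIN = {"X-Frame-Options": "SAMEORIGIN"}
CSP_SELF = {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors 'self'"}
SETTINGS = "https://mail.example.com/settings"  # constructed: the framed target page
LURE = "http://prize.example.net/free-offer"    # constructed: the lure page
```

Run `frameable(UNPROTECTED, SETTINGS, LURE)` to see the unprotected case return True, and the same call with XFO_SAMEORIGIN or CSP_SELF return False.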


I reported this vulnerability to Rediffmail, but there was no reply from their side,

so I sent this report to ehackingnews.com... Thanks to Sabari for posting this article.

You can see the other article Here.
