Tuesday 23 April 2013

Rediffmail Clickjacking

Rediffmail Vulnerable to Clickjacking (Rediffmail Clickjacking)

Hello friends

Today I will show you how I found clickjacking in Rediffmail.com.

First, if you don't know about clickjacking, then click here to know about it.

First I tried to load Rediffmail in an iframe, as per the concept of clickjacking.

I forgot to take this screenshot, so I am skipping this step.

Then I thought I should try to load the Rediffmail settings page in an iframe, hoping I would get a good response.

After loading, I succeeded in loading the Rediffmail settings page in an iframe, as shown.

Then I created an online free prize offer to lure the victim.

Here you can see I created some stuff at the bottom, middle, and center.

Now finally I hid this page in the iframe ;-) Like this:

As you can see, the page is hidden now. If I send this page, by hosting it or directly, and the victim opens it and follows these steps,

then he will change his mobile number to my mobile number.

Then I can reset his password using my mobile number.

I reported this vulnerability to Rediffmail, but there was no reply from their side,

so I reported it to ehackingnews.com... Thanks to Sabari for posting this article.

You can see another article on this here.
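
Whether a page can be loaded in a third-party iframe, as the settings page was here, is decided by the anti-framing headers on its response. The following is an added example, not code from the original post: a Node.js check that reads `X-Frame-Options` and the CSP `frame-ancestors` directive and reports whether any origin may embed the page. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: decide from response headers whether a page may be framed
// by an arbitrary origin (the precondition for clickjacking).

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// headers: object keyed by lowercase header name.
// Returns { framable: boolean, reason: string }.
function framingVerdict(headers) {
  const csp = headers['content-security-policy'];
  const sources = csp ? frameAncestors(csp) : null;
  if (sources !== null) {
    // When frame-ancestors is present, browsers enforce it and ignore
    // X-Frame-Options. A wildcard or bare scheme source admits any site.
    const open = sources.some(s => s === '*' || /^https?:$/i.test(s));
    return open
      ? { framable: true, reason: 'frame-ancestors allows any origin' }
      : { framable: false, reason: 'frame-ancestors restricts embedding' };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { framable: false, reason: 'X-Frame-Options ' + xfo };
  }
  if (xfo) {
    // ALLOW-FROM and unrecognised values are not enforced by current browsers.
    return { framable: true, reason: 'X-Frame-Options not enforced: ' + xfo };
  }
  return { framable: true, reason: 'no anti-framing header' };
}

// Constructed sample responses for a sensitive settings page.
const samples = [
  {},
  { 'x-frame-options': 'SAMEORIGIN' },
  { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
];
for (const h of samples) console.log(JSON.stringify(h), framingVerdict(h));
```

A page that changes account recovery details, such as the mobile number here, should return `framable: false` from this check.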
