To understand more, let's look at one example website. Check the website below, which is advertising a season sale.

Suppose an injection vulnerability exists in the application, and the application collects a lot of sensitive information from the user to process payments, including credit/debit card data that it is not even permitted to store under the applicable standards. An attacker can grab this opportunity to embed the attacker's website into this application and trick users into submitting their payment details.

Once the attacker's website is embedded into the vulnerable site, it looks like the image below. Now the user cannot tell the two sites apart and is tricked into entering the details. Once the attacker has grabbed the victim's complete payment details, the user can be scammed into a huge financial loss at any time.

Browsers have put a lot of effort into fixing these issues so far, but it is always the vulnerable website's responsibility to fix such issues in its code.

One simple rule can be followed by the user to avoid this attack. Right-click on the website and select the "view page source" option. If an iframe is present and it points to some other source (here, attacker.html), click on that source and check whether that website's URL matches the original website. If it is not the same URL, it is better to avoid submitting such information on the original site. To go further in verifying the suspect site, its IP address or DNS records can be cross-checked in phishing domain search sites.

Since mitigating this attack relies on the user interface, the browser headers that were developed for this issue can be configured at the web server. Make sure that user input data is never accepted without validation or sanitization. X-Frame-Options can be set on the server side: X-Frame-Options: deny won't allow any website to frame the application, and X-Frame-Options: sameorigin allows only pages from the same origin to be framed inside the application.
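The header behaviour described above, worked through as a small decision function added here (not code from the original post): it applies the X-Frame-Options rules a browser follows (deny, sameorigin checked against every ancestor frame, conflicting or unrecognised values) to the shop/attacker scenario, so a site operator can see which header value actually closes the hole. The origins shop.example and attacker.example are constructed placeholders.

```python
from typing import Optional, List
from urllib.parse import urlsplit

# Constructed sample origins for the scenario above (placeholders, not real sites).
SHOP = "https://shop.example"
ATTACKER = "https://attacker.example"


def origin_of(url: str) -> tuple:
    """(scheme, host, port) tuple a browser compares for the same-origin test."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port or (443 if scheme == "https" else 80)
    return (scheme, (p.hostname or "").lower(), port)


def framing_allowed(xfo: Optional[str], framed_url: str, ancestor_urls: List[str]) -> bool:
    """Would a browser that honours X-Frame-Options render framed_url inside the
    given chain of ancestor documents (top-level page first)? True means the
    frame is rendered, i.e. the page can be embedded by that chain. Follows the
    HTML spec's X-Frame-Options check; CSP frame-ancestors is out of scope."""
    if not ancestor_urls or xfo is None:
        return True                        # top-level navigation, or no header sent
    values = {v.strip().lower() for v in xfo.split(",") if v.strip()}
    if len(values) > 1:
        # Conflicting directives: block if any is a known one, else ignore the header.
        return not (values & {"deny", "sameorigin", "allowall"})
    value = next(iter(values), "")
    if value == "deny":
        return False                       # never framed, not even by the site itself
    if value == "sameorigin":
        page = origin_of(framed_url)
        return all(origin_of(a) == page for a in ancestor_urls)
    # Unknown or obsolete values (e.g. ALLOW-FROM) are ignored by current browsers,
    # which then render the frame as if no header had been sent.
    return True


def clickjacking_exposure(xfo: Optional[str], page_url: str = SHOP + "/pay") -> str:
    """Tell the site's own operators whether a third-party page could embed
    page_url under the X-Frame-Options value the server currently sends."""
    if framing_allowed(xfo, page_url, [ATTACKER + "/sale.html"]):
        return "exposed: a third-party page can frame " + page_url
    return "protected: third-party framing is blocked"


if __name__ == "__main__":
    for header in (None, "DENY", "SAMEORIGIN", "ALLOW-FROM https://partner.example"):
        print("%-40r -> %s" % (header, clickjacking_exposure(header)))
```

Note that the obsolete ALLOW-FROM form leaves the page as exposed as sending no header at all, which is why only deny or sameorigin should be relied on.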