kishu-inu / kishu-inu-contracts
Kishu Inu $KISHU contracts
Home Page: http://kishu.com
License: MIT License
Hi team,
This time I found this vulnerability in your website: https://kishu.com/
Severity: Medium
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.
This vulnerability affects the Web Server.
Here are the steps to reproduce the vulnerability:
1. Open Notepad and paste the following code:
<title>i Frame</title>
2. Save it as .html, e.g. s.html.
3. And open that...
As far as I know, this data is enough to prove that your site is vulnerable to clickjacking; according to OWASP, it's more than enough.
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)
SOLUTION:
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Check this out, and here is the solution for that.
Impact:
Clickjacking is one of the security flaws which could be harmful in multiple scenarios. For example, an attacker can impose a blind XSS payload, and it won't be visible; whenever any victim clicks anywhere on your web page, the blind XSS is going to be executed and steal the victim's cookies.
Moreover, attackers can make the victim download a malicious file, allowing the attacker to remotely control the victim's PC and transfer any data or perform any unethical activity from the victim's PC without even their knowledge.
These scenarios are quite enough to understand the importance of this vulnerability.
I hope that you will fix this issue as soon as possible.
I look forward to hearing from you.
Thank you
The LICENSE file says MIT but the .sol file contains SPDX-License-Identifier: Unlicensed
Which is correct? Thanks!
Hello Team,
I found this vulnerability in your website: https://kishu.atlassian.net/servicedesk/customer/user/signup
Description:
Hi team, while checking your services I found that Kishu is also using Atlassian services and the dev team left the signup option public, so that any attacker can send details internally to the team.
Here is the proof: I created a fake request pretending to be a staff member asking for admin access. An attacker can get admin access by this technique.
I'm expecting your prompt response on the reported vulnerability.
Thank you
Hi team,
I am a security researcher and I found this vulnerability in your website: https://kishu.com/
Vulnerability report: Reverse Tab Nabbing Attack
Issue lies here:
Here I can see you are using target=_blank and no rel tag.
Here, target=_blank means it will open in a new tab, but due to tab nabbing it can change the parent tab as well. So, as per the security principle, don't trust 3rd parties too much and be on the safe side.
FIX & MITIGATION:
To mitigate this issue we need to use rel="nofollow noopener noreferrer" as follows:
<a href="https://twitter.com/inukishu" rel="nofollow noopener noreferrer" target="_blank" class="social-icon-item is--hero w-inline-block">
Proof of concept: (screenshot, image.png)
Tab Nabbing Exploit:
Whenever you open a new tab by clicking a link whose HTML code looks like this, JavaScript will keep a reference to the window object of the site that opened the tab:
Blog
You are not allowed to read the location of the site that opened the tab, whether the rel="noreferrer" attribute is set or not. However, what you can do is change the location of the opener by using the following JavaScript code:
window.opener.location = 'https://attacker.com/phishing';
The tabnabbing attack would happen as follows:
1. The victim clicks a link on https://example.com/ containing target="_blank", which leads to https://attacker.com/
2. https://attacker.com/ immediately redirects the tab where https://example.com/ is located to https://attacker.com/phishing
3. The victim looks at the attacker.com page and then goes back to the previous tab, which now contains a phishing page that looks exactly like https://example.com/ but prompts the victim to enter their login details again
This makes a phishing attack much more effective, because the user is not expecting such behaviour and thinks they are still on the original page ('tabnabbing'). The way to thwart this attack is to use rel="noopener", though rel="noreferrer" has the same effect.
It's interesting how such a small parsing mistake can have such a huge impact on the security of an application.
In this report I have only talked about twitter but you have to use rel="nofollow noopener noreferrer" in all the external links present in your website.
References:
1: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
2: https://developers.google.com/web/tools/lighthouse/audits/noopener
3: https://mathiasbynens.github.io/rel-noopener/
I hope you will fix this issue as soon as possible. Looking forward to hearing from you. Thank you.
Regards,
Zoyna
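As an added example (not code from the kishu-inu repository or kishu.com), the following Node.js script audits HTML for the condition described in the report above, anchors with target="_blank" that leave window.opener reachable, and rewrites them with the recommended rel value. SAMPLE_HTML is constructed input modelled on the social link quoted in the report.

```javascript
// Added example (not code from the kishu-inu repository or kishu.com):
// find anchors that open a new tab while leaving window.opener reachable
// (target="_blank" without rel="noopener"; "noreferrer" implies noopener)
// and rewrite them. SAMPLE_HTML is constructed input, not the live site.

const SAMPLE_HTML = `
<a href="https://twitter.com/inukishu" target="_blank" class="social-icon-item">Twitter</a>
<a href="https://t.me/example" rel="nofollow noopener noreferrer" target="_blank">Telegram</a>
<a href="/about">About</a>
<a href='https://example.com/blog' target='_blank' rel='noreferrer'>Blog</a>
`;

// Attributes of one <a ...> start tag as a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  return attrs;
}

function relTokens(attrs) {
  return new Set((attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean));
}

// A link is exposed when it opens a new tab and carries neither token.
function isUnsafeBlank(attrs) {
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = relTokens(attrs);
  return !rel.has('noopener') && !rel.has('noreferrer');
}

// hrefs of every link exposed to reverse tabnabbing.
function findTabnabbingLinks(html) {
  return [...html.matchAll(/<a\b[^>]*>/gi)]
    .map((m) => parseAttrs(m[0]))
    .filter(isUnsafeBlank)
    .map((a) => a.href);
}

// Add "noopener noreferrer" to each exposed anchor, keeping existing rel tokens.
function hardenLinks(html) {
  return html.replace(/<a\b[^>]*>/gi, (tag) => {
    const a = parseAttrs(tag);
    if (!isUnsafeBlank(a)) return tag;
    const rel = ` rel="${[...relTokens(a), 'noopener', 'noreferrer'].join(' ')}"`;
    return a.rel === undefined
      ? tag.replace(/\s*>$/, `${rel}>`)
      : tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, rel);
  });
}
```

Running findTabnabbingLinks over a site's rendered pages gives the list of external links that still need the rel attribute, which is the "all the external links" step the report asks for.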
Hello team,
This is Zoyna and I've found a security flaw in your website: https://kishu.com/
Description:
Team, while testing your security headers, I've found that many headers are missing, such as Strict-Transport-Security, X-Frame-Options, Content-Security-Policy, and Permissions-Policy.
HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value "Strict-Transport-Security: max-age=31536000; includeSubDomains".
X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".
Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Suggestion:
You are required to fix all these headers in order to make your system much stronger.
Thank you
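As an added example serving both the clickjacking report and the missing-headers report above (not code from kishu.com or the kishu-inu repository), the following Node.js helper sets the headers the reports ask for and audits a captured response for missing or weak values. The HSTS and X-Frame-Options values are the ones the report recommends; the Content-Security-Policy and Permissions-Policy values are constructed assumptions that must be tuned to the site's real asset origins.

```javascript
// Added example, not part of kishu.com or the kishu-inu repository: the
// response headers the clickjacking and missing-headers reports ask for,
// as a Node.js helper that sets them plus an audit that lists which are
// missing or weak. HSTS and X-Frame-Options use the report's recommended
// values; the CSP and Permissions-Policy values are constructed
// assumptions and must be tuned to the site's real asset origins.

const RECOMMENDED_HEADERS = {
  'strict-transport-security': 'max-age=31536000; includeSubDomains',
  'x-frame-options': 'SAMEORIGIN',
  // frame-ancestors is the CSP counterpart of X-Frame-Options; 'self' matches SAMEORIGIN.
  'content-security-policy': "default-src 'self'; frame-ancestors 'self'; object-src 'none'",
  'permissions-policy': 'camera=(), microphone=(), geolocation=()',
};

// Set every recommended header on a Node http.ServerResponse (anything with
// setHeader). Call before the body is written.
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(RECOMMENDED_HEADERS)) res.setHeader(name, value);
  return res;
}

// Audit captured response headers (names matched case-insensitively).
// Returns { missing: [names], weak: [{ name, value, reason }] }.
function auditSecurityHeaders(headers) {
  const present = {};
  for (const [k, v] of Object.entries(headers)) present[k.toLowerCase()] = String(v).trim();
  const missing = [], weak = [];
  for (const name of Object.keys(RECOMMENDED_HEADERS)) {
    if (!(name in present)) { missing.push(name); continue; }
    const value = present[name];
    if (name === 'strict-transport-security') {
      const m = /max-age=(\d+)/i.exec(value);
      // A max-age below one year (31536000 s) weakens the policy.
      if (!m || Number(m[1]) < 31536000) weak.push({ name, value, reason: 'max-age below one year' });
    } else if (name === 'x-frame-options' && !/^(DENY|SAMEORIGIN)$/i.test(value)) {
      // Current browsers honour only DENY and SAMEORIGIN; other values give no protection.
      weak.push({ name, value, reason: 'not DENY or SAMEORIGIN' });
    }
  }
  return { missing, weak };
}

// Constructed sample: a response sending none of the headers, as in the report.
const SAMPLE_RESPONSE_HEADERS = { 'content-type': 'text/html; charset=utf-8', server: 'nginx' };
```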