
kishu-inu-contracts's Issues

Iframe Exploitation Attacker can perform any action within the iframe

Hi team,

This time I found this vulnerability in your website: https://kishu.com/

Severity: Medium

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.

This vulnerability affects the Web Server.

Here are the steps to reproduce the vulnerability:

1. Open Notepad and paste the following code:

<title>i Frame</title>

This is clickjacking vulnerable

<iframe src="https://kishu.com/" frameborder="2" height="500px" width="500px"></iframe>

2. Save it as .html, e.g. s.html

3. And open that...

As far as I know, this data is enough to prove that your site is vulnerable to clickjacking;
according to OWASP, it's more than enough.

https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)

SOLUTION:

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Check this out, and here is the solution for that.

Impact:
Clickjacking is one of the security flaws that could be harmful in multiple scenarios. For example, an attacker can impose a blind XSS payload, and it won't be visible; whenever any victim clicks anywhere on your web page, the blind XSS is going to be executed and steal the victim's cookies.

Moreover, attackers can make the victim download any malicious file, allowing the attacker to remotely control the victim's PC and transfer any data or perform any unethical activity from the victim's PC without even their knowledge.

These are quite enough scenarios to understand the importance of this vulnerability.

I hope that you will fix this issue as soon as possible.

I look forward to hearing from you.
Thank you

Access Jira Dashboard and Created New User

Hello Team,

I found this vulnerability in your website: https://kishu.atlassian.net/servicedesk/customer/user/signup

Description:
Hi team, I found, while checking your services, that Kishu is also using Atlassian services and the dev team left the signup option public, so that any attacker can send details internally to the team.

Here is the proof: I created a fake request pretending to be a staff member asking for admin access. An attacker can get admin access by this technique.
I'm expecting your prompt response on the reported vulnerability.

Thank you

Reverse Tab Nabbing Attack

Hi team,

I am a security researcher and I found this vulnerability in your website: https://kishu.com/

Vulnerability report: Reverse Tab Nabbing Attack
Issue lies here:

Here I can see you are using target=_blank and no rel tag.
Here, target=_blank means it will open in another new tab, but due to tab nabbing it can change the parent tab as well. So, as per the security principle, don't trust third parties too much and stay on the safe side.

FIX & MITIGATION:
To mitigate this issue we need to use rel="nofollow noopener noreferrer" as follows:

<a href="https://twitter.com/inukishu" rel="nofollow noopener noreferrer" target="_blank" class="social-icon-item is--hero w-inline-block">

Proof of concept:
Tab Nabbing Exploit:

Whenever you open a new tab by clicking a link whose HTML code looks like this, JavaScript will keep a reference to the window object of the site that opened the tab:

<a href="..." target="_blank">Blog</a>

You are not allowed to read the location of the site that opened the tab, whether the rel="noreferrer" attribute is set or not. However, what you can do is change the location of the opener by using the following JavaScript code:

window.opener.location = 'https://attacker.com/phishing';

The tabnabbing attack would happen as follows:

1. The victim clicks a link on https://example.com/ containing target="_blank", which leads to https://attacker.com/

2. https://attacker.com/ immediately redirects the tab where https://example.com/ is located to https://attacker.com/phishing

3. The victim looks at the attacker.com page and then goes back to the previous tab containing a phishing page that looks exactly like https://example.com/, but prompts the victim to enter their login details again

This makes a phishing attack much more effective, because the user is not expecting such behaviour and thinks they are still on the original page ('tabnabbing'). The way to thwart this attack is to use rel="noopener", though rel="noreferrer" has the same effect.
It's interesting how such a small parsing mistake can have such a huge impact on the security of an application.

In this report I have only talked about Twitter, but you have to use rel="nofollow noopener noreferrer" in all the external links present in your website.

References:

1: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
2: https://developers.google.com/web/tools/lighthouse/audits/noopener
3: https://mathiasbynens.github.io/rel-noopener/

I hope you will fix this issue as soon as possible. Looking forward to hearing from you. Thank you

Regards,
Zoyna
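The audit the report above recommends, as an added example that is not part of the original report or the Kishu site's code: it scans an HTML document for anchors that open a new tab without rel="noopener" or rel="noreferrer" and rewrites them. It assumes Node.js; SAMPLE_HTML is constructed and the matching is regex-based, so it is a template lint rather than a full HTML parser.

```javascript
// Added example (not from the original report): find anchors that open a new
// tab without rel="noopener"/"noreferrer" and harden them. SAMPLE_HTML is constructed.
const SAMPLE_HTML = `
<a href="https://twitter.com/inukishu" target="_blank" class="social-icon-item">Twitter</a>
<a href="https://t.me/example" rel="nofollow" target="_blank">Telegram</a>
<a href="https://example.com/safe" rel="noopener noreferrer" target="_blank">Safe</a>
<a href="/about">About</a>
`;
// Regex-based: a lint for templates, not a full HTML parser.
const ANCHOR_RE = /<a\b[^>]*>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;

// Parse the attributes of one opening <a ...> tag into a plain object.
function parseAttrs(tag) {
  const attrs = {};
  for (const m of tag.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Vulnerable only if the link opens a new browsing context and its rel list
// has neither noopener nor noreferrer (noreferrer implies noopener).
function isTabnabbable(attrs) {
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/);
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// Return the href of every anchor in `html` that needs a rel fix.
function findTabnabbableLinks(html) {
  return (html.match(ANCHOR_RE) || [])
    .map(parseAttrs)
    .filter(isTabnabbable)
    .map((a) => a.href || '');
}

// Rewrite vulnerable anchors so rel contains noopener and noreferrer, keeping
// rel tokens that were already present (e.g. nofollow).
function hardenLinks(html) {
  return html.replace(ANCHOR_RE, (tag) => {
    const attrs = parseAttrs(tag);
    if (!isTabnabbable(attrs)) return tag;
    const tokens = new Set((attrs.rel || '').split(/\s+/).filter(Boolean));
    tokens.add('noopener').add('noreferrer');
    const rel = `rel="${[...tokens].join(' ')}"`;
    return 'rel' in attrs
      ? tag.replace(/\brel\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/i, rel)
      : tag.replace(/^<a\b/i, `<a ${rel}`);
  });
}
```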

Missing Security Headers

Hello team,

This is Zoyna and I've found a security flaw in your website: https://kishu.com/

Description:
Team, while testing your security headers, I've found many headers are missing, such as Strict-Transport-Security, X-Frame-Options, Content-Security-Policy, and Permissions-Policy.

HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value "Strict-Transport-Security: max-age=31536000; includeSubDomains".

X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value "X-Frame-Options: SAMEORIGIN".

Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.

Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.

Suggestion:
You are required to fix all these headers in order to make your system much stronger.

Thank you
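A check for the four missing headers described in this report and the X-Frame-Options gap from the clickjacking report above, as an added example that is not part of either report or the Kishu site's code. It assumes Node.js; the recommended header values follow this report, with a CSP frame-ancestors directive added, and the observed response is a constructed stand-in.

```javascript
// Added example (not from the original reports): audit a response's security
// headers for the gaps described above and provide a hardened set to deploy.
// Header names are matched case-insensitively; sample headers are constructed.

// Framing is denied both by the legacy X-Frame-Options header and by CSP
// frame-ancestors, which modern browsers honour in preference to it.
const RECOMMENDED_HEADERS = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Frame-Options': 'SAMEORIGIN',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'",
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
};

// Lowercase header names so lookups do not depend on the server's casing.
function normalise(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Return a list of findings; an empty list means the response is acceptable.
function auditSecurityHeaders(headers) {
  const h = normalise(headers);
  const findings = [];
  const hsts = h['strict-transport-security'];
  if (!hsts) {
    findings.push('missing Strict-Transport-Security');
  } else {
    const age = Number((hsts.match(/max-age=(\d+)/i) || [])[1] || 0);
    if (age < 31536000) findings.push('Strict-Transport-Security max-age below one year');
    if (!/includeSubDomains/i.test(hsts)) findings.push('Strict-Transport-Security lacks includeSubDomains');
  }
  // Clickjacking: either X-Frame-Options or a CSP frame-ancestors directive
  // restricts framing; a finding only when neither is present.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const csp = h['content-security-policy'] || '';
  const cspFrames = /(^|;)\s*frame-ancestors\s/i.test(csp);
  if (!['DENY', 'SAMEORIGIN'].includes(xfo) && !cspFrames) {
    findings.push('no framing restriction (X-Frame-Options or CSP frame-ancestors)');
  }
  if (!csp) findings.push('missing Content-Security-Policy');
  if (!h['permissions-policy']) findings.push('missing Permissions-Policy');
  return findings;
}

// Constructed stand-in for a response that carries none of the four headers.
const OBSERVED_RESPONSE_HEADERS = { 'Content-Type': 'text/html', Server: 'nginx' };
```

Run the audit against live responses by passing the `headers` object of a Node `http.IncomingMessage` in place of the constructed sample.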
