TOPCLICKJACKING.md

File metadata and controls

135 lines (134 loc) · 15.7 KB

Top Clickjacking reports from HackerOne:

  1. RCE of Burp Scanner / Crawler via Clickjacking to PortSwigger Web Security - 160 upvotes, $3000
  2. Highly wormable clickjacking in player card to X (Formerly Twitter) - 131 upvotes, $0
  3. Twitter Periscope Clickjacking Vulnerability to X (Formerly Twitter) - 129 upvotes, $1120
  4. Clickjacking on donation page to WordPress - 89 upvotes, $0
  5. Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App to X (Formerly Twitter) - 64 upvotes, $0
  6. Sensitive Clickjacking on admin login page. to Shipt - 53 upvotes, $0
  7. Stealing User emails by clickjacking cards.twitter.com/xxx/xxx to X (Formerly Twitter) - 49 upvotes, $0
  8. Clickjacking vkpay to VK.com - 44 upvotes, $0
  9. [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS to Automattic - 30 upvotes, $0
  10. URL is vulnerable to clickjacking https://app.passit.io/ to Passit - 28 upvotes, $0
  11. Clickjacking Vulnerability Can Leads To Delete Developer APP to TikTok - 23 upvotes, $500
  12. Clickjacking at ylands.com to BOHEMIA INTERACTIVE a.s. - 19 upvotes, $80
  13. Clickjacking in the admin page to Rocket.Chat - 18 upvotes, $0
  14. Clickjacking in [exchangemarketplace.com] to Shopify - 17 upvotes, $0
  15. Clickjacking at join.nordvpn.com to Nord Security - 17 upvotes, $0
  16. CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse. to Yelp - 17 upvotes, $0
  17. Clickjacking In jobs.wordpress.net to WordPress - 16 upvotes, $0
  18. Clickjacking on cas.acronis.com login page to Acronis - 16 upvotes, $0
  19. Clickjacking at open.rocket.chat to Rocket.Chat - 15 upvotes, $0
  20. Clickjacking wordcamp.org to WordPress - 14 upvotes, $0
  21. Make user buy items via clickjacking possibility to Mail.ru - 14 upvotes, $0
  22. self-xss with ClickJacking can leads to account takeover in Firefox to Imgur - 14 upvotes, $0
  23. Modifying application settings via clickjacking on o2.mail.ru to Mail.ru - 13 upvotes, $150
  24. Clickjacking Vulnerability found on Yelp to Yelp - 13 upvotes, $0
  25. Reflected XSS through ClickJacking to U.S. Dept Of Defense - 13 upvotes, $0
  26. Clickjacking on Mixmax.com to Mixmax - 12 upvotes, $0
  27. Clickjacking on https://www.goodhire.com/api to Inflection - 12 upvotes, $0
  28. URL is vulnerable to clickjacking to MyCrypto - 12 upvotes, $0
  29. Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com to Automattic - 12 upvotes, $0
  30. AWS S3 website can't serve security headers, may allow clickjacking to Legal Robot - 11 upvotes, $0
  31. Clickjacking mercantile.wordpress.org to WordPress - 11 upvotes, $0
  32. Single Sing On - Clickjacking to Semrush - 11 upvotes, $0
  33. clickjacking in /lead_forms_app.php to VK.com - 11 upvotes, $0
  34. Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking to Kaspersky - 11 upvotes, $0
  35. Clickjacking Vulnerability in sifchain.finance to Sifchain - 11 upvotes, $0
  36. Clickjacking Periscope.tv on Chrome to X (Formerly Twitter) - 10 upvotes, $0
  37. Following links are vulnerable to clickjacking to Semrush - 10 upvotes, $0
  38. Clickjacking URLS to Nextcloud - 10 upvotes, $0
  39. Reflected XSS through clickjacking at https://████ to U.S. Dept Of Defense - 10 upvotes, $0
  40. OAuth authorization page vulnerable to clickjacking to Coinbase - 9 upvotes, $5000
  41. Bypass of the Clickjacking protection on Flickr using data URL in iframes to Yahoo! - 9 upvotes, $0
  42. Delete images of users with clickjacking in https://pw.mail.ru to Mail.ru - 9 upvotes, $0
  43. Get ip and Geo location any user via Clickjacking with inspectlet technology to Acronis - 9 upvotes, $0
  44. Clickjacking at app.lemlist.com to lemlist - 9 upvotes, $0
  45. Clickjacking on authorized page https://wakatime.com/share/embed to WakaTime - 8 upvotes, $0
  46. Clickjacking - https://mercantile.wordpress.org/ to WordPress - 8 upvotes, $0
  47. Clickjacking in Legalrobot app to Legal Robot - 8 upvotes, $0
  48. Clickjacking to Palo Alto Software - 8 upvotes, $0
  49. UI Redressing ( ClickJacking ) Issue on Information submit form to Legal Robot - 7 upvotes, $0
  50. Clickjacking to Pushwoosh - 7 upvotes, $0
  51. Click Jacking Nextcloud to Nextcloud - 7 upvotes, $0
  52. Clickjacking on my.stripo.email for MailChimp credentials to Stripo Inc - 7 upvotes, $0
  53. Clickjacking misconfiguration bug to Sifchain - 7 upvotes, $0
  54. Clickjacking to change email address to Gener8 - 7 upvotes, $0
  55. Clickjacking Vulnerability In Whole Page Ads Tiktok to TikTok - 6 upvotes, $500
  56. Found clickjacking vulnerability to LeaseWeb - 6 upvotes, $0
  57. Account takeover vulnerability by editor role privileged users/attackers via clickjacking to WordPress - 6 upvotes, $0
  58. Clickjacking lead to remove review to Yelp - 6 upvotes, $0
  59. Khan Academy ClickJacking to Steal Users's Credintials to Khan Academy - 6 upvotes, $0
  60. Clickjacking Vulnerability via https://profile.my.games/gamecenter/profile/ can lead to sensitive cross site actions (Bypass X-Frame-Options) to Mail.ru - 6 upvotes, $0
  61. Vulnerable for clickjacking attack to Sifchain - 6 upvotes, $0
  62. Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain to Meredith - 6 upvotes, $0
  63. Click Jacking to Legal Robot - 5 upvotes, $0
  64. Missing security headers, possible clickjacking to Legal Robot - 5 upvotes, $0
  65. https://admin.corp.cuvva.co/ is vulnerable to Clickjacking attacks due to missing X-Frame-Options to Cuvva - 5 upvotes, $0
  66. Clickjacking docs.weblate.org to Weblate - 5 upvotes, $0
  67. clickjacking on https://gratipay.com/on/npm/[text] to Gratipay - 5 upvotes, $0
  68. ClickJacking on IMPORTANT Functions of Yelp to Yelp - 5 upvotes, $0
  69. Clickjacking Vulnerability via https://www.donationalerts.com/help/support leads to bypass for widget.support.my.games X-Frame Options to Mail.ru - 5 upvotes, $0
  70. ClickJacking on http://au.launch.yahoo.com to Yahoo! - 4 upvotes, $0
  71. Clickjacking: X-Frame-Options header missing to Legal Robot - 4 upvotes, $0
  72. Clickjacking In https://demo.nextcloud.com to Nextcloud - 4 upvotes, $0
  73. Clickjacking Full account takeover and editing the personal information at [account.my.com] to Mail.ru - 4 upvotes, $0
  74. Clickjacking Vulnerability via https://webagent.mail.ru leading to protection bypass for https://web.icq.com/ end point to Mail.ru - 4 upvotes, $0
  75. Clickjacking to Mail.ru - 3 upvotes, $0
  76. Click-Jacking due to missing X-frame header to Factlink - 3 upvotes, $0
  77. Clickjacking at https://www.mavenlink.com/ main website to Mavenlink - 3 upvotes, $0
  78. Clickjacking at surveylink.yahoo.com to Yahoo! - 3 upvotes, $0
  79. Clickjacking login page of http://book.zomato.com/ to Zomato - 3 upvotes, $0
  80. Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE) to Zomato - 3 upvotes, $0
  81. Settings page in https://support.my.com is vulnerable to clickjacking to Mail.ru - 3 upvotes, $0
  82. Clickjacking on profile page leading to unauthorized changes to UPchieve - 3 upvotes, $0
  83. Possible clickjacking at shop.khanacademy.org to Khan Academy - 2 upvotes, $0
  84. Click jacking to Factlink - 2 upvotes, $0
  85. Clickjacking & CSRF attack can be done at https://app.mavenlink.com/login to Mavenlink - 2 upvotes, $0
  86. clickjacking on leaving group(flick) to Yahoo! - 2 upvotes, $0
  87. Vulnerable to clickjacking to Gratipay - 2 upvotes, $0
  88. Clickjacking on authenticated pages which is inscope for New Relic to New Relic - 2 upvotes, $0
  89. newrelic.com vulnerable to clickjacking ! to New Relic - 2 upvotes, $0
  90. ClickJacking on Debug to Weblate - 2 upvotes, $0
  91. Clickjacking irclogs.wordpress.org to WordPress - 2 upvotes, $0
  92. Click jacking in delete image of user in Yelp to Yelp - 2 upvotes, $0
  93. URL is vulnerable to clickjacking to Zomato - 2 upvotes, $0
  94. Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/ to Mail.ru - 2 upvotes, $0
  95. Clickjacking in ops.cuvva.com to Cuvva - 2 upvotes, $0
  96. Clickjacking to Kubernetes - 2 upvotes, $0
  97. Site-wide clickjacking at IE11 to New Relic - 2 upvotes, $0
  98. ClickJacking to Acronis - 2 upvotes, $0
  99. clickjacking at brew.sh to Homebrew - 2 upvotes, $0
  100. CLICKJACKING LEADS TO DEACTIVATE ACCOUNT to UPchieve - 2 upvotes, $0
  101. Clickjacking ar https://hackers.upchieve.org/login to UPchieve - 2 upvotes, $0
  102. Clickjacking to Sifchain - 2 upvotes, $0
  103. Clickjacking - changing role to Respondly - 1 upvotes, $0
  104. ClickJacking to Localize - 1 upvotes, $0
  105. Clicjacking on Login panel to Mail.ru - 1 upvotes, $0
  106. Clickjacking at https://staging.uzbey.com/ to Uzbey - 1 upvotes, $0
  107. Clickjacking to Mavenlink - 1 upvotes, $0
  108. Clickjacking: X-Frame-Options header missing to GlassWire - 1 upvotes, $0
  109. clickjacking to Yahoo! - 1 upvotes, $0
  110. Clickjacking: X-Frame-Options header missing to APITest.IO - 1 upvotes, $0
  111. Clickjacking in love.uber.com to Uber - 1 upvotes, $0
  112. ClickJacking to OWOX, Inc. - 1 upvotes, $0
  113. Clickjacking vulnerability in support-dashboard.corp.cuvva.co to Cuvva - 1 upvotes, $0
  114. Clickjacking or URL Masking to Brave Software - 1 upvotes, $0
  115. clickjacking at http://mailboxes.legalrobot-uat.com/ to Legal Robot - 1 upvotes, $0
  116. aspen | clickjacking to Aspen - 1 upvotes, $0
  117. ClickJacking to Yelp - 1 upvotes, $0
  118. Clickjacking: X-Frame Header Missing to Yelp - 1 upvotes, $0
  119. clickjacking to Semrush auth login to Semrush - 1 upvotes, $0
  120. Clickjacking on https://download.nextcloud.com/ to Nextcloud - 1 upvotes, $0
  121. Clickjacking on https://download.nextcloud.com to Nextcloud - 1 upvotes, $0
  122. Nextcloud Clickjacking Vulnerability to Nextcloud - 1 upvotes, $0
  123. clickjacking on deleting user's clips [https://crossclip.com/clips] to Logitech - 1 upvotes, $0
  124. clickjacking vulnerability to Sifchain - 1 upvotes, $0
  125. Clickjacking at sifchain.finance to Sifchain - 1 upvotes, $0
  126. Clickjacking login page of https://hackers.upchieve.org/login to UPchieve - 1 upvotes, $0
  127. Clickjacking : https://partners.cloudflare.com/ to Cloudflare Vulnerability Disclosure - 0 upvotes, $0
  128. Clickjacking https://blockstack.org/ to Hiro - 0 upvotes, $0
  129. ClickJacking in editing business name to Yelp - 0 upvotes, $0
  130. User can be fooled to Bookmark any restaurant by clickjacking to Yelp - 0 upvotes, $0
  131. Clickjacking @ Main Domain[www.yelp.com] to Yelp - 0 upvotes, $0
  132. Clickjacking on https://nextcloud.com/ to Nextcloud - 0 upvotes, $0
  133. Clickjacking /framing on sensitive Subdomain to Sifchain - 0 upvotes, $0