Advisory - Clickjacking Vulnerability in the vulnerability testing framework beef xss framework - Development Security Downloads Education | Andmp

This blog is mainly focused on Development, coding,technology and Security. Detailed analysis on most discussed topics on web plus Downloads and PDFs.Books and materials.

Breaking

ad

Post Top Ad

Monday, 8 January 2018

Advisory - Clickjacking Vulnerability in the vulnerability testing framework beef xss framework

I found a security vulnerability in the penetration testing framework -  beef xss framework .

 In case you don't know what it is -

What is BeEF?

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Please refer to Beef Project for more information.
 
This vulnerability allows any remote attacker to redress his UI on any generic website to make it appear persuasive as to make the victim click anywhere and thus performing an unintended action.
 
The reason being it has missing Frame protection or clickjacking protection in its Control Panel that can be accessed locally on any machine having BeEF framework running .
Here's a working PoC to give an idea of the situation and how it may affect the user/victim -
 
 
 

In case you have Beef XSS Framework running -

No comments:

Post a Comment

Your Opinion is Our First Priority

Post Bottom Ad

Pages