Issues

Clickjacking on Login Leading to Account Takeover of Any User / Cross-Site Scripting (XSS) / DOM-Based XSS / CSRF Attacks / Account Deletion / User Account Privilege Escalation / Victim Privilege Escalation / Malware Execution / Victim PC Hijack / Unauthorized Access to User Accounts
Vulnerable URL: https://vfat.io/
Severity: Critical

I am writing to inform you about a critical vulnerability that we have identified on your website, which poses a severe risk to your application and its users. We have discovered a series of interconnected vulnerabilities that will be exploited through clickjacking on the login functionality. Our assessment has revealed that your entire application is vulnerable to clickjacking attacks, thereby exposing your system and users to significant security risks. This vulnerability enables attackers to exploit multiple attack vectors, including account takeover, cross-site scripting (XSS), DOM-based XSS, CSRF attacks, account deletion, user account privilege escalation, victim privilege escalation, malware execution, victim PC hijack, and unauthorized access to user accounts. We have shown you only the login endpoint of your application to help you understand the flaw.

This allows malicious actors to manipulate the login process and trick users into unknowingly providing their login credentials. By leveraging this vulnerability, attackers will be able to gain unauthorized access to any user account, potentially compromising sensitive user data and enabling further malicious activities within your system. In the login endpoint, attackers will be able to exploit this vulnerability to steal users' login credentials using X-Frame (clickjacking) attacks. By leveraging this flaw, they will be able to gain unauthorized access to any user account, compromising the security and privacy of their email and password.
Steps to Reproduce:

To demonstrate the vulnerability and its potential impact, we have outlined the following steps to reproduce the exploit:

1) Open a text editor, such as Notepad, and paste the provided code snippet:

    <!DOCTYPE HTML>
    <html lang="en-US">
    <head>
      <meta charset="UTF-8">
      <title>iFrame</title>
    </head>
    <body>
      <h3>This is clickjacking vulnerable</h3>
      <!-- The target page renders inside the frame only if it is served without X-Frame-Options or a CSP frame-ancestors directive -->
      <iframe src="https://vfat.io/" frameborder="1" height="500" width="1000"></iframe>
    </body>
    </html>

2) Save the file with any name, for example "s.html".

3) Open the saved HTML file in a web browser.

Proof of concept: See the attached file.

Impact:

As the whole application's endpoints are found to be vulnerable, attackers will be able to do a lot to your application and to your users. Attackers will be able to perform credential stealing, which will grant unauthorized access to any user account. Moreover, attackers will be able to perform DOM-based XSS on your users, CSRF attacks, cross-site scripting attacks, deletion of accounts and malware execution, and successful malware execution on a victim will grant the attackers victim PC hijack as well.

For the login endpoint, attackers will be able to take over the account of any user using this vulnerability. Attackers will be able to have unauthorized access to any user account, enabling each user account's privileges. Thus, victim privilege escalation will be performed by attackers. Attackers will be able to take over any account using this attack/vulnerability and perform other malicious attacks. Attackers will be able to take over all the user accounts of your application using this vulnerability. Attackers will be able to have unauthorized access to all the user accounts registered on your application. Also, attackers will be able to chain this with other attacks as well, like cross-site scripting attacks. Attackers will be able to execute malicious scripts on victims using the X-Frame (clickjacking) exploit.

Attackers will have total control of the victim's PC as well by chaining X-Frame exploits with cross-site scripting attacks. Attackers will be able to execute malware on victims by chaining them with cross-site scripting attacks, which will lead to malware execution on the victim, enabling user account privilege escalation, victim privilege escalation and victim PC hijack.

Mitigations:

To mitigate the clickjacking vulnerability and enhance the security of the login page, we recommend the following measures:

Implement X-Frame-Options: Set the X-Frame-Options header to DENY or SAMEORIGIN to prevent your login page from being loaded within an iframe on other domains.

Content Security Policy (CSP): Utilize a well-defined CSP to restrict the loading of your login page on external domains, thereby mitigating clickjacking attacks.
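A check from the defender's side, added here as an example that is not part of the original report: it classifies a response's anti-framing protection from the two headers named in the mitigations above, X-Frame-Options and the CSP frame-ancestors directive. The header dicts are constructed samples, and the names `parse_csp`, `framing_policy` and `RECOMMENDED_HEADERS` are assumed here.

```python
"""Classify a page's clickjacking protection from its HTTP response headers.

Added example (not from the original report). Sample headers are constructed;
the function and constant names are assumed here.
"""

# Headers a login page should send. CSP frame-ancestors is the modern control;
# X-Frame-Options remains as a fallback for browsers without CSP3 support.
RECOMMENDED_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


def parse_csp(value):
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def framing_policy(headers):
    """Return "csp", "xfo", "weak" or "none" for a dict of response headers.

    csp  - CSP frame-ancestors restricts framing (browsers then ignore XFO)
    xfo  - only X-Frame-Options DENY/SAMEORIGIN restricts framing
    weak - a directive is present but still lets arbitrary sites frame the page
    none - no anti-framing header at all: the page can be framed as in the PoC
    """
    h = {k.lower(): v for k, v in headers.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    ancestors = csp.get("frame-ancestors")
    if ancestors is not None:
        # '*' or a bare scheme source such as https: allows any origin to frame
        if any(s in ("*", "https:", "http:") for s in ancestors):
            return "weak"
        return "csp"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo"
    if xfo:
        # e.g. ALLOW-FROM, which current browsers no longer honour
        return "weak"
    return "none"
```

Run `framing_policy` over the headers captured from a real login response; anything other than "csp" or "xfo" means the page is frameable by a third-party site.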
Custom Buffer confusions
Pool: CL100-WETH/USDC on Base

I've set:
Price drops: 100 (Price drops to 100% below position lower boundary (1132.4))
Price rises: 5 (Price rises to 5% above position upper boundary (4238.6))
while focusing on USDC (which is actually important, because this changes).

What I would expect by setting 5% for the upper boundary is that I don't want to auto-rebalance till the price hits 4238.6 (which is what the description says), and by 100% to not rebalance when the price hits 1132.4. So exactly what the description says. So the description of the second custom buffer makes sense; however, when I go to Manual Rebalance to see the Current position, this is when it becomes confusing, because it's showing this description: Auto-Rebalance buffer lower limit ($-5%). It's confusing, because I've set it to rebalance when it hits 4238.6, but the position shows the buffer lower limit at 2927 and the upper limit at 10595. So I don't know exactly what's going to happen at 2927. Is this correct, or a bug, or a UI issue? Also, the boundaries go off the area, not a big issue.

Another thing is that when you set the Price in USDC or WETH in the Manual tab, the values in Auto-Rebalance change (switch places) and it's even more confusing. At this point I'm hesitant to use custom buffers, as I don't know what it's going to do. It would be good to have some status section (like for Auto-Compound) to report and summarize in the form of a table what it actually does or is waiting for.

Update: Actually there is one, but it's only visible when the price goes out of range.

in progress
