monstra-cms/monstra

Click-Jacking vulnerability

Sud0-su opened this issue · 0 comments

1. Introduction
Vendor : Monstra
Affected Product : Monstra CMS 3.0.4
Vendor Website : http://monstra.org/
Vulnerability Type : Click-Jacking Vulnerability
Remote Exploitable : Yes

2. Overview

Technical Description:
Monstra CMS is prone to a clickjacking vulnerability. Clickjacking is a technique that tricks a web user into clicking on something different from what the user perceives they are clicking on, typically by loading the target page in an invisible or disguised frame on an attacker-controlled page. The Monstra admin interface did not return an X-Frame-Options header, so any origin can embed it in a frame and the application is at risk of a clickjacking attack. The X-Frame-Options HTTP response header tells the browser whether a page may be rendered inside a frame or iframe (DENY or SAMEORIGIN); the Content-Security-Policy frame-ancestors directive serves the same purpose and takes precedence over X-Frame-Options in browsers that support it, so either the header or the directive is missing from the affected responses.
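The check described above, as an added example that is not part of the original report or of the Monstra code base: a small Python script that evaluates a response's headers for framing protection, honouring the rule that a CSP frame-ancestors directive overrides X-Frame-Options and that the obsolete ALLOW-FROM form is ignored by current browsers. The header sets in SAMPLES are constructed for the demonstration, not captured from the demo host; check_url() is provided for live testing and is the only part that needs network access.

```python
"""Evaluate HTTP response headers for clickjacking (framing) protection.

Added example, not code from the original issue. The SAMPLES below are
constructed header sets used to exercise the logic offline.
"""
from __future__ import annotations

import urllib.error
import urllib.request


def parse_frame_ancestors(csp: str) -> list[str] | None:
    """Return the source list of the first frame-ancestors directive, or None.

    CSP directives are separated by ';' and tokens by whitespace; per the spec
    only the first occurrence of a directive is honoured.
    """
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def frame_protection(headers) -> dict:
    """Decide whether a page with these headers can be framed cross-origin."""
    h = {k.lower(): v for k, v in headers.items()}
    result = {
        "x_frame_options": None,
        "frame_ancestors": None,
        "framable_cross_origin": True,
        "reason": "",
    }

    # CSP takes precedence: when frame-ancestors is present, browsers that
    # support it ignore X-Frame-Options entirely (Report-Only does not enforce).
    csp = h.get("content-security-policy")
    if csp:
        ancestors = parse_frame_ancestors(csp)
        if ancestors is not None:
            result["frame_ancestors"] = ancestors
            permissive = (
                not ancestors
                or "*" in ancestors
                or "http:" in ancestors
                or "https:" in ancestors
            )
            if not permissive:
                result["framable_cross_origin"] = False
                result["reason"] = "CSP frame-ancestors restricts framing"
            else:
                result["reason"] = "CSP frame-ancestors allows any origin"
            return result

    xfo = h.get("x-frame-options")
    if xfo:
        value = xfo.strip().upper()
        result["x_frame_options"] = value
        if value in ("DENY", "SAMEORIGIN"):
            result["framable_cross_origin"] = False
            result["reason"] = f"X-Frame-Options: {value}"
        elif value.startswith("ALLOW-FROM"):
            # Obsolete; modern browsers treat it as if the header were absent.
            result["reason"] = "ALLOW-FROM is obsolete and ignored by current browsers"
        else:
            result["reason"] = f"unrecognised X-Frame-Options value {value!r}"
        return result

    result["reason"] = "no X-Frame-Options and no CSP frame-ancestors"
    return result


def check_url(url: str) -> dict:
    """Fetch a URL and evaluate its headers (needs network; not used offline)."""
    req = urllib.request.Request(url, headers={"User-Agent": "frame-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return frame_protection(dict(resp.headers.items()))
    except urllib.error.HTTPError as err:
        # A 4xx/5xx page can still be framed; its headers matter just as much.
        return frame_protection(dict(err.headers.items()))


# Constructed header sets (not captured from any real host).
SAMPLES = {
    "unprotected": {"Content-Type": "text/html; charset=utf-8"},
    "xfo": {"Content-Type": "text/html", "X-Frame-Options": "sameorigin"},
    "csp": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    # DENY is present but the CSP directive wins, and it allows everyone.
    "csp_open": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
}


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        r = frame_protection(hdrs)
        print(f"{name:12} framable={r['framable_cross_origin']} ({r['reason']})")
```

Running the script prints one verdict per sample; pointing check_url() at an admin login page reproduces the finding in this report when the result's reason is "no X-Frame-Options and no CSP frame-ancestors". On the server side the fix is a single response header on the admin responses, for example `X-Frame-Options: DENY` together with `Content-Security-Policy: frame-ancestors 'none'`.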

3. PoC

```html
<!DOCTYPE html>
<title>Click-jacking Vulnerability</title>
<p>Vulnerable to click-jacking!</p>
<!-- The admin page is framed from a foreign origin; the browser allows it because no X-Frame-Options header is sent -->
<iframe src="https://demos3.softaculous.com/Monstra/admin/" width="1000" height="1000"></iframe>
```

4. Credit
Suparna Kachroo (@Sud0__su)