TOPCLICKJACKING.md

File metadata and controls

131 lines (130 loc) · 15.2 KB

Top Clickjacking reports from HackerOne:

  1. Highly wormable clickjacking in player card to Twitter - 128 upvotes, $5040
  2. Twitter Periscope Clickjacking Vulnerability to Twitter - 125 upvotes, $1120
  3. Clickjacking on donation page to WordPress - 88 upvotes, $50
  4. Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App to Twitter - 64 upvotes, $1120
  5. Sensitive Clickjacking on admin login page. to Shipt - 52 upvotes, $100
  6. Stealing User emails by clickjacking cards.twitter.com/xxx/xxx to Twitter - 49 upvotes, $1120
  7. Clickjacking vkpay to VK.com - 44 upvotes, $0
  8. [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS to Automattic - 30 upvotes, $150
  9. URL is vulnerable to clickjacking https://app.passit.io/ to Passit - 28 upvotes, $0
  10. CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card Misuse to Yelp - 17 upvotes, $500
  11. Clickjacking at join.nordvpn.com to Nord Security - 17 upvotes, $100
  12. Clickjacking in [exchangemarketplace.com] to Shopify - 17 upvotes, $0
  13. Clickjacking Vulnerability Can Lead To Deleting a Developer App to TikTok - 16 upvotes, $500
  14. Clickjacking at ylands.com to BOHEMIA INTERACTIVE a.s. - 16 upvotes, $80
  15. Clickjacking in the admin page to Rocket.Chat - 16 upvotes, $0
  16. Clickjacking on cas.acronis.com login page to Acronis - 16 upvotes, $0
  17. Clickjacking In jobs.wordpress.net to WordPress - 15 upvotes, $0
  18. Make user buy items via clickjacking possibility to Mail.ru - 14 upvotes, $200
  19. self-xss with ClickJacking can lead to account takeover in Firefox to Imgur - 14 upvotes, $100
  20. Clickjacking wordcamp.org to WordPress - 14 upvotes, $0
  21. Modifying application settings via clickjacking on o2.mail.ru to Mail.ru - 13 upvotes, $150
  22. Clickjacking Vulnerability found on Yelp to Yelp - 13 upvotes, $100
  23. Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com to Automattic - 12 upvotes, $75
  24. Clickjacking on Mixmax.com to Mixmax - 12 upvotes, $0
  25. Clickjacking on https://www.goodhire.com/api to Inflection - 12 upvotes, $0
  26. URL is vulnerable to clickjacking to MyCrypto - 12 upvotes, $0
  27. Single Sign On - Clickjacking to Semrush - 11 upvotes, $150
  28. AWS S3 website can't serve security headers, may allow clickjacking to Legal Robot - 11 upvotes, $40
  29. Clickjacking mercantile.wordpress.org to WordPress - 11 upvotes, $0
  30. clickjacking in /lead_forms_app.php to VK.com - 11 upvotes, $0
  31. Clickjacking Vulnerability in sifchain.finance to Sifchain - 11 upvotes, $0
  32. Clickjacking Periscope.tv on Chrome to Twitter - 10 upvotes, $560
  33. Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking to Kaspersky - 10 upvotes, $0
  34. Clickjacking URLs to Nextcloud - 10 upvotes, $0
  35. Reflected XSS through clickjacking at https://████ to U.S. Dept Of Defense - 10 upvotes, $0
  36. Reflected XSS through ClickJacking to U.S. Dept Of Defense - 10 upvotes, $0
  37. Following links are vulnerable to clickjacking to Semrush - 9 upvotes, $150
  38. Delete images of users with clickjacking in https://pw.mail.ru to Mail.ru - 9 upvotes, $0
  39. Get ip and Geo location any user via Clickjacking with inspectlet technology to Acronis - 9 upvotes, $0
  40. OAuth authorization page vulnerable to clickjacking to Coinbase - 8 upvotes, $5000
  41. Clickjacking on authorized page https://wakatime.com/share/embed to WakaTime - 8 upvotes, $0
  42. Clickjacking - https://mercantile.wordpress.org/ to WordPress - 8 upvotes, $0
  43. Clickjacking in Legalrobot app to Legal Robot - 8 upvotes, $0
  44. Bypass of the Clickjacking protection on Flickr using data URL in iframes to Yahoo! - 7 upvotes, $250
  45. UI Redressing (ClickJacking) Issue on Information submit form to Legal Robot - 7 upvotes, $0
  46. Clickjacking to Pushwoosh - 7 upvotes, $0
  47. Click Jacking Nextcloud to Nextcloud - 7 upvotes, $0
  48. Clickjacking on my.stripo.email for MailChimp credentials to Stripo Inc - 7 upvotes, $0
  49. Clickjacking to Palo Alto Software - 7 upvotes, $0
  50. Account takeover vulnerability by editor role privileged users/attackers via clickjacking to WordPress - 6 upvotes, $0
  51. Clickjacking lead to remove review to Yelp - 6 upvotes, $0
  52. Vulnerable for clickjacking attack to Sifchain - 6 upvotes, $0
  53. Clickjacking misconfiguration bug to Sifchain - 6 upvotes, $0
  54. Clickjacking to change email address to Gener8 - 6 upvotes, $0
  55. ClickJacking on IMPORTANT Functions of Yelp to Yelp - 5 upvotes, $500
  56. Found clickjacking vulnerability to LeaseWeb - 5 upvotes, $0
  57. Click Jacking to Legal Robot - 5 upvotes, $0
  58. https://admin.corp.cuvva.co/ is vulnerable to Clickjacking attacks due to missing X-Frame-Options to Cuvva - 5 upvotes, $0
  59. Clickjacking docs.weblate.org to Weblate - 5 upvotes, $0
  60. clickjacking on https://gratipay.com/on/npm/[text] to Gratipay - 5 upvotes, $0
  61. Khan Academy ClickJacking to Steal Users' Credentials to Khan Academy - 5 upvotes, $0
  62. Clickjacking Vulnerability via https://profile.my.games/gamecenter/profile/ can lead to sensitive cross site actions (Bypass X-Frame-Options) to Mail.ru - 4 upvotes, $150
  63. Clickjacking In https://demo.nextcloud.com to Nextcloud - 4 upvotes, $0
  64. Clickjacking Full account takeover and editing the personal information at [account.my.com] to Mail.ru - 4 upvotes, $0
  65. Clickjacking Vulnerability via https://webagent.mail.ru leading to protection bypass for https://web.icq.com/ end point to Mail.ru - 3 upvotes, $150
  66. Clickjacking Vulnerability via https://www.donationalerts.com/help/support leads to bypass for widget.support.my.games X-Frame Options to Mail.ru - 3 upvotes, $150
  67. Missing security headers, possible clickjacking to Legal Robot - 3 upvotes, $20
  68. Clickjacking login page of http://book.zomato.com/ to Zomato - 3 upvotes, $0
  69. Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE) to Zomato - 3 upvotes, $0
  70. Settings page in https://support.my.com is vulnerable to clickjacking to Mail.ru - 3 upvotes, $0
  71. Clickjacking on profile page leading to unauthorized changes to UPchieve - 3 upvotes, $0
  72. Clickjacking at app.lemlist.com to lemlist - 3 upvotes, $0
  73. Site-wide clickjacking at IE11 to New Relic - 2 upvotes, $500
  74. Clickjacking to Mail.ru - 2 upvotes, $150
  75. ClickJacking on http://au.launch.yahoo.com to Yahoo! - 2 upvotes, $0
  76. Click-Jacking due to missing X-frame header to Factlink - 2 upvotes, $0
  77. Clickjacking at surveylink.yahoo.com to Yahoo! - 2 upvotes, $0
  78. Vulnerable to clickjacking to Gratipay - 2 upvotes, $0
  79. Clickjacking on authenticated pages which is inscope for New Relic to New Relic - 2 upvotes, $0
  80. newrelic.com vulnerable to clickjacking! to New Relic - 2 upvotes, $0
  81. Clickjacking: X-Frame-Options header missing to Legal Robot - 2 upvotes, $0
  82. ClickJacking on Debug to Weblate - 2 upvotes, $0
  83. Clickjacking irclogs.wordpress.org to WordPress - 2 upvotes, $0
  84. Click jacking in delete image of user in Yelp to Yelp - 2 upvotes, $0
  85. URL is vulnerable to clickjacking to Zomato - 2 upvotes, $0
  86. Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/ to Mail.ru - 2 upvotes, $0
  87. Clickjacking in ops.cuvva.com to Cuvva - 2 upvotes, $0
  88. Clickjacking to Kubernetes - 2 upvotes, $0
  89. ClickJacking to Acronis - 2 upvotes, $0
  90. clickjacking at brew.sh to Homebrew - 2 upvotes, $0
  91. CLICKJACKING LEADS TO DEACTIVATE ACCOUNT to UPchieve - 2 upvotes, $0
  92. Clickjacking at https://hackers.upchieve.org/login to UPchieve - 2 upvotes, $0
  93. Clickjacking at https://www.mavenlink.com/ main website to Mavenlink - 1 upvote, $50
  94. Possible clickjacking at shop.khanacademy.org to Khan Academy - 1 upvote, $0
  95. Click jacking to Factlink - 1 upvote, $0
  96. Clickjacking & CSRF attack can be done at https://app.mavenlink.com/login to Mavenlink - 1 upvote, $0
  97. clickjacking on leaving group (flick) to Yahoo! - 1 upvote, $0
  98. Clickjacking: X-Frame-Options header missing to APITest.IO - 1 upvote, $0
  99. Clickjacking in love.uber.com to Uber - 1 upvote, $0
  100. ClickJacking to OWOX, Inc. - 1 upvote, $0
  101. Clickjacking vulnerability in support-dashboard.corp.cuvva.co to Cuvva - 1 upvote, $0
  102. Clickjacking or URL Masking to Brave Software - 1 upvote, $0
  103. aspen | clickjacking to Aspen - 1 upvote, $0
  104. ClickJacking to Yelp - 1 upvote, $0
  105. Clickjacking: X-Frame Header Missing to Yelp - 1 upvote, $0
  106. clickjacking to Semrush auth login to Semrush - 1 upvote, $0
  107. Clickjacking on https://download.nextcloud.com/ to Nextcloud - 1 upvote, $0
  108. Clickjacking on https://download.nextcloud.com to Nextcloud - 1 upvote, $0
  109. Nextcloud Clickjacking Vulnerability to Nextcloud - 1 upvote, $0
  110. clickjacking on deleting user's clips [https://crossclip.com/clips] to Logitech - 1 upvote, $0
  111. Clickjacking to Sifchain - 1 upvote, $0
  112. Clickjacking login page of https://hackers.upchieve.org/login to UPchieve - 1 upvote, $0
  113. Clickjacking to Mavenlink - 0 upvotes, $50
  114. Clickjacking - changing role to Respondly - 0 upvotes, $0
  115. ClickJacking to Localize - 0 upvotes, $0
  116. Clickjacking on Login panel to Mail.ru - 0 upvotes, $0
  117. Clickjacking at https://staging.uzbey.com/ to Uzbey - 0 upvotes, $0
  118. Clickjacking: X-Frame-Options header missing to GlassWire - 0 upvotes, $0
  119. clickjacking to Yahoo! - 0 upvotes, $0
  120. Clickjacking : https://partners.cloudflare.com/ to Cloudflare Vulnerability Disclosure - 0 upvotes, $0
  121. clickjacking at http://mailboxes.legalrobot-uat.com/ to Legal Robot - 0 upvotes, $0
  122. Clickjacking https://blockstack.org/ to Hiro - 0 upvotes, $0
  123. ClickJacking in editing business name to Yelp - 0 upvotes, $0
  124. User can be fooled to Bookmark any restaurant by clickjacking to Yelp - 0 upvotes, $0
  125. Clickjacking @ Main Domain[www.yelp.com] to Yelp - 0 upvotes, $0
  126. Clickjacking on https://nextcloud.com/ to Nextcloud - 0 upvotes, $0
  127. clickjacking vulnerability to Sifchain - 0 upvotes, $0
  128. Clickjacking at sifchain.finance to Sifchain - 0 upvotes, $0
  129. Clickjacking /framing on sensitive Subdomain to Sifchain - 0 upvotes, $0
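Most of the titles above come down to one root cause: the response either carries no `X-Frame-Options` header and no `Content-Security-Policy` `frame-ancestors` directive, or it relies on a value that browsers no longer honour (`ALLOW-FROM`, `ALLOWALL`). The Python below is an added example, not code from any of the listed reports or programs: it reproduces the precedence a browser applies when deciding whether a page may be framed (a `frame-ancestors` directive overrides `X-Frame-Options`; conflicting `X-Frame-Options` values block; unrecognised values are ignored) so that a response's headers can be triaged offline. The origins `app.example`, `attacker.example` and `partner.example` and every header set in `SAMPLE_RESPONSES` are constructed for illustration; treating a scheme-less host source as matching any scheme is a simplification, noted in the code.

```python
"""Added example, not part of the HackerOne report list above: decide from raw
response headers whether a third-party page can frame the target, following
the order of checks browsers apply (CSP frame-ancestors first, then
X-Frame-Options; more than one distinct X-Frame-Options value blocks;
ALLOW-FROM and other unrecognised values are ignored, so the page is frameable).
Simplification (an assumption, not browser-exact): a host-source with no scheme
matches any scheme, and any path on a host-source is ignored.
"""
from urllib.parse import urlsplit


def _origin_tuple(origin):
    """'https://app.example' -> ('https', 'app.example', 443)."""
    u = urlsplit(origin)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or {"https": 443, "http": 80}.get(scheme)


def _source_matches(source, page_origin, framer_origin):
    """Does one frame-ancestors source expression admit framer_origin?"""
    source = source.lower()
    if source == "'none'":
        return False
    if source == "*":
        return True
    if source == "'self'":
        return _origin_tuple(framer_origin) == _origin_tuple(page_origin)
    f_scheme, f_host, f_port = _origin_tuple(framer_origin)
    if source.endswith(":") and "://" not in source:      # scheme-source such as https:
        return f_scheme == source[:-1]
    s_scheme, _, rest = source.rpartition("://")            # host-source, scheme optional
    host, _, port = rest.split("/", 1)[0].partition(":")
    if s_scheme and s_scheme != f_scheme:
        return False
    if port and port != "*" and port != str(f_port):
        return False
    if host.startswith("*."):
        return f_host.endswith(host[1:])   # *.example.com matches sub.example.com, not example.com
    return f_host == host


def frame_ancestors_policies(headers):
    """Source list of the frame-ancestors directive in each CSP header that has one."""
    policies = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                policies.append(tokens[1:])
                break                  # only the first frame-ancestors in a policy counts
    return policies


def x_frame_options_values(headers):
    """Every X-Frame-Options value sent, lower-cased; comma-separated lists are split."""
    values = []
    for name, value in headers:
        if name.lower() == "x-frame-options":
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    return values


def is_frameable(headers, page_origin, framer_origin):
    """True if a document at page_origin with these headers renders in a frame on framer_origin.

    headers is a list of (name, value) pairs so that repeated headers are preserved.
    """
    policies = frame_ancestors_policies(headers)
    if policies:                       # CSP present: X-Frame-Options is ignored entirely
        return all(any(_source_matches(s, page_origin, framer_origin) for s in sources)
                   for sources in policies)
    xfo = set(x_frame_options_values(headers))
    if len(xfo) > 1:                   # conflicting values: browsers block
        return False
    if xfo == {"deny"}:
        return False
    if xfo == {"sameorigin"}:
        return _origin_tuple(framer_origin) == _origin_tuple(page_origin)
    return True                        # absent, ALLOW-FROM, ALLOWALL or garbage: frameable


# Constructed header sets mirroring the situations the titles above describe.
SAMPLE_RESPONSES = {
    "no framing headers at all": [],
    "X-Frame-Options: DENY": [("X-Frame-Options", "DENY")],
    "X-Frame-Options: SAMEORIGIN": [("X-Frame-Options", "SAMEORIGIN")],
    "ALLOW-FROM (dropped by modern browsers)": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "CSP frame-ancestors 'self'": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "CSP 'none' overrides permissive XFO": [("X-Frame-Options", "ALLOWALL"),
                                           ("Content-Security-Policy", "frame-ancestors 'none'")],
    "CSP wildcard partner host": [("Content-Security-Policy", "frame-ancestors https://*.partner.example")],
}


def triage(page_origin="https://app.example", attacker_origin="https://attacker.example"):
    """Map each sample to whether attacker_origin can frame it: True means a clickjacking finding."""
    return {label: is_frameable(hdrs, page_origin, attacker_origin)
            for label, hdrs in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for label, frameable in triage().items():
        print(f"{'FRAMEABLE' if frameable else 'protected'}  {label}")
```

`is_frameable` takes the headers as a list of pairs rather than a dict so that a second `X-Frame-Options` or `Content-Security-Policy` header is not silently overwritten; a server that sends `DENY` on one line and `SAMEORIGIN` on another is blocked by browsers, and the function reports the same. Note that a page can be reported as "protected" here and still be clickjackable when the header is only set on the HTML document and not on the endpoint the framed form actually posts to, which is the pattern behind several of the bypass titles above.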