Clickjacking Vulnerability on https://basin.exchange/
Report ID
#27100
Report type
Websites and Applications
Has PoC?
Yes
Target
Impacts
- Persistent content spoofing / text injection issues
Description
Hello Team,
I hope you are doing well. I found another security issue on https://basin.exchange/. See the details below.
A clickjacking vulnerability has been identified on the https://basin.exchange/ platform. Clickjacking is a security vulnerability that allows an attacker to trick users into clicking on elements unknowingly, potentially leading to unintended actions being performed.
Impact
Clickjacking vulnerabilities can lead to unauthorized actions and potential data exposure. This poses a risk to the integrity and security of user interactions on the basin.exchange platform.
Fix
Implement measures to mitigate clickjacking vulnerabilities, such as adding the X-Frame-Options header to prevent the platform from being embedded within iframes or frames on malicious websites. Additionally, review and update the platform's frontend code to ensure that user interactions are properly validated and protected against clickjacking attacks.
Steps to Reproduce
- Open https://www.clickjackingtest.com/ (my own site for testing iframes)
- Enter the URL https://basin.exchange/ and click on submit
- Observe that the web app https://basin.exchange/ is embedded in an iframe
Reference
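The fix section above recommends an anti-framing header. The following is an added example, not part of the report or of the basin.exchange code: it lists the headers a server should send (X-Frame-Options for legacy browsers, CSP frame-ancestors as the authoritative control) and a checker that mirrors how a browser decides whether a response may be framed, so a defender can confirm a deployed fix from captured response headers. The origins used in the test are constructed.

```javascript
// Headers a server should send so other origins cannot embed the page.
// CSP frame-ancestors is the modern control; X-Frame-Options covers older browsers.
const ANTI_FRAMING_HEADERS = {
  "X-Frame-Options": "DENY",
  "Content-Security-Policy": "frame-ancestors 'none'",
};

// Extract the frame-ancestors source list from a CSP header value.
// Returns null when the directive is absent, otherwise the lowercased tokens.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(";")) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === "frame-ancestors") {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Decide whether a response carrying `headers` may be framed by a document at
// `framerOrigin`, when the framed page lives at `pageOrigin`.
// Per the CSP spec a frame-ancestors directive takes precedence over
// X-Frame-Options. Only 'none', 'self', '*' and exact origins are matched here;
// scheme-only and wildcard-host sources are out of scope for this example.
function canBeFramed(headers, pageOrigin, framerOrigin) {
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v])
  );
  const ancestors = frameAncestors(lower["content-security-policy"]);
  if (ancestors !== null) {
    return ancestors.some(
      (src) =>
        src === "*" ||
        (src === "'self'" && framerOrigin === pageOrigin) ||
        (src !== "'none'" && src === framerOrigin.toLowerCase())
    );
  }
  const xfo = (lower["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return framerOrigin === pageOrigin;
  // Missing or unrecognised X-Frame-Options: browsers allow framing,
  // which is the condition the report describes.
  return true;
}
```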
BIC Response
This is not a valid bug report because the reported behavior is not considered content spoofing. The website is open source and anyone can deploy it at any domain, let alone embed the existing one into another site as an iframe.
Due to these reasons, we are closing the submission and no reward will be issued.