#1233 Critical Click Jacking Vulnerability In 2.3.1 - Exponent CMS

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#1233 new

Critical Click Jacking Vulnerability In 2.3.1

Reported by Narendra Bhati | November 16th, 2014 @ 10:44 AM | in User issues

Hello Exponent

while looking into your cms i found that its vulnerable to click jacking

by using clickjacking an attacker can directly bypass the referer based csrf protection which will be exploited on victim side

please see the attached screen shot and to know how it can be exploited kindly read my blog
post on this same vulnerability -

http://hacktivity.websecgeeks.com/linkedin-clickjacking/

will look forward to you

1.PNG 113.9 KB

Comments and changes to this ticket

You flagged this item as spam.
Narendra Bhati December 20th, 2014 @ 02:02 PM
- Assigned user set to “expNinja”
So what your are going to do next ? about this issue !

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Bug Tracker for Exponent CMS

Shared Ticket Bins (Sort)

↓↑ drag 337 Open tickets
↓↑ drag 775 Resolved tickets
↓↑ drag 0 This week's tickets

People watching this ticket

Attachments

1.PNG 113.9 KB

Exponentcms Exponent CMS → User issues