
rdin777/CEX.IO-Profile-Clickjacking-Risk-PoC

Clickjacking Vulnerability Analysis - profile.cex.io

If this research helped you, please consider giving it a ⭐ Star.

🚀 Stay Updated

Found this research useful?

  • Star ⭐ this repo to keep track of it.
  • Follow me on GitHub for more DeFi security research.
  • Fork it if you want to run your own experiments.

☕ Support the Research

If you appreciate the work and want to support further security research:


Wallet Address (ETH/EVM): 0xBDDD7973D0DE27B715A4A5cbdb87d0DF78757b3A

This repository contains a Proof of Concept (PoC) for a clickjacking vulnerability identified on profile.cex.io. The cause is a missing X-Frame-Options header and a missing frame-ancestors directive in the Content-Security-Policy header.

Impact

An attacker can embed the financial profile page into a malicious website and trick the user into performing unintended actions (e.g., changing security settings, modifying personal info) by overlaying deceptive UI elements.
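
A defender-side check for the two headers named above, added here as an example (it is not code from this repository). The function name framingProtection, the result shape, and the sample headers are assumptions made for illustration.

```javascript
// Added example (not from the PoC repository). Sample headers are constructed.

// Return the frame-ancestors source list of one serialized policy, or null.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// A source list is permissive if it lets arbitrary origins frame the page.
function isPermissive(sources) {
  return sources.some(s => /^https?:$/i.test(s) || /^(https?:\/\/)?\*$/i.test(s));
}

function framingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const notes = [];

  // One header may carry several comma-separated policies; all are enforced,
  // so a single restrictive frame-ancestors list is enough.
  const lists = (h['content-security-policy'] || '')
    .split(',').map(frameAncestors).filter(l => l !== null);
  if (lists.some(l => !isPermissive(l))) return { protected: true, via: 'csp', notes };
  if (lists.length > 0) {
    // Browsers ignore X-Frame-Options once an enforced frame-ancestors is present.
    notes.push('frame-ancestors allows any origin');
    return { protected: false, via: null, notes };
  }
  if (frameAncestors(h['content-security-policy-report-only'] || '') !== null) {
    notes.push('frame-ancestors is report-only and not enforced');
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return { protected: true, via: 'x-frame-options', notes };
  if (xfo.startsWith('ALLOW-FROM')) notes.push('ALLOW-FROM is obsolete and ignored by current browsers');
  else if (xfo !== '') notes.push('X-Frame-Options value is not DENY or SAMEORIGIN');
  else notes.push('no X-Frame-Options header');
  return { protected: false, via: null, notes };
}

// Constructed sample: a response carrying neither header, as described above.
console.log(framingProtection({ 'Content-Type': 'text/html' }));
```

A response that sends `Content-Security-Policy: frame-ancestors 'none'` (or `'self'`) together with `X-Frame-Options: DENY` (or `SAMEORIGIN`) passes this check in both current and older browsers.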

About

Proof of Concept (PoC) demonstrating Clickjacking vulnerability risks on the CEX.IO profile page. Web security research and UI/UX vulnerability analysis.
