This repository contains a Proof of Concept (PoC) for a Clickjacking vulnerability identified on profile.cex.io due to missing X-Frame-Options and Content-Security-Policy (frame-ancestors) headers.
An attacker can embed the financial profile page into a malicious website and trick the user into performing unintended actions (e.g., changing security settings, modifying personal info) by overlaying deceptive UI elements.
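A defender can check for the two missing protections named above with a small header audit. This is an added example, not code from this repository; the function names and the sample header sets are constructed for illustration.

```python
# Added example: audit response headers for framing (clickjacking) protection.
# Input is a list of (name, value) header pairs; samples below are constructed.

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def audit_framing(headers):
    """Return (protected, reasons) for a list of (name, value) header pairs."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    # One header value may carry several comma-separated policies; all are enforced.
    policies = [p for v in csp for p in v.split(",")]
    source_lists = [s for s in map(frame_ancestors, policies) if s is not None]
    if source_lists:
        # An enforced frame-ancestors directive makes browsers ignore X-Frame-Options.
        protected, reasons = False, []
        for sources in source_lists:
            if not sources or sources == ["'none'"]:
                protected = True
                reasons.append("frame-ancestors blocks all framing")
            elif any(s in ("*", "http:", "https:") for s in sources):
                reasons.append("frame-ancestors allows any origin")
            else:
                protected = True
                reasons.append("frame-ancestors limited to " + " ".join(sources))
        return protected, reasons
    valid = [v for v in xfo if v in ("DENY", "SAMEORIGIN")]
    if valid:
        return True, ["X-Frame-Options " + valid[0]]
    if xfo:
        # e.g. the obsolete ALLOW-FROM form, which current browsers do not honour
        return False, ["X-Frame-Options value not honoured: " + xfo[0]]
    return False, ["no X-Frame-Options and no CSP frame-ancestors"]

if __name__ == "__main__":
    constructed = [
        [("Content-Type", "text/html")],
        [("Content-Security-Policy", "default-src 'self'")],
        [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    ]
    for sample in constructed:
        print(sample, "->", audit_framing(sample))
```

A CSP that sets only `default-src` still leaves the page frameable, because `frame-ancestors` does not fall back to `default-src`.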