ClickJacking
Daniel Atallah
daniel.atallah at gmail.com
Wed Sep 18 13:24:27 EDT 2013
The fix was applied to developer.pidgin.im, which is the only place where
there's form data that's worth stealing (e.g. username & passwords).
Why do you think that http://pidgin.im needs to set the X-Frame-Options
header?
On Wed, Sep 18, 2013 at 1:16 PM, chaskar 87 <chaskar87 at gmail.com> wrote:
> Dear Daniel,
>
> The issue is still OPEN.
>
>
> On Wed, Sep 18, 2013 at 10:31 PM, Daniel Atallah <daniel.atallah at gmail.com> wrote:
>
>> This has been fixed. Thanks.
>>
>>
>> On Wed, Sep 18, 2013 at 10:46 AM, chaskar 87 <chaskar87 at gmail.com> wrote:
>>
>>> Dear Team,
>>>
>>> Your website is vulnerable to Clickjacking attack (Ref :-
>>> https://www.owasp.org/index.php/Clickjacking )
>>>
>>> --
>>> Thanks & Regards
>>>
>>> *Pralhad Chaskar*
>>>
>>>
>>>
>>> _______________________________________________
>>> security mailing list
>>> security at pidgin.im
>>> http://pidgin.im/cgi-bin/mailman/listinfo/security
>>>
>>
>>
>
>
> --
> Thanks & Regards
>
> *Pralhad Chaskar*
> Mob No:- 9619939402
>
>
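
Added example, not part of the original thread and not Pidgin's code: a check a site owner can run over response headers to see whether a page that carries a login form tells browsers to refuse framing. It also covers the CSP frame-ancestors directive, which the thread does not mention; the header sets in SAMPLES are constructed and are not responses captured from any Pidgin host.

```python
# Added example: classify the anti-framing headers of an HTTP response (offline).

def framing_policy(headers):
    """Return (verdict, reason); verdict is 'protected', 'review' or 'unprotected'."""
    h = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors supersedes X-Frame-Options in browsers that support it.
    # The first frame-ancestors directive found is the one reported.
    for policy in h.get("content-security-policy", "").split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if len(parts) < 2 or parts[0].lower() != "frame-ancestors":
                continue
            sources = {s.lower() for s in parts[1:]}
            if "*" in sources:
                return "unprotected", "frame-ancestors allows any origin"
            if sources <= {"'none'", "'self'"}:
                return "protected", "frame-ancestors " + " ".join(sorted(sources))
            return "review", "frame-ancestors allowlist: " + " ".join(sorted(sources))

    xfo = h.get("x-frame-options")
    if xfo is None:
        return "unprotected", "no X-Frame-Options or frame-ancestors"
    # Repeated headers are usually folded into one comma-separated value.
    values = {v.strip().upper() for v in xfo.split(",") if v.strip()}
    if values in ({"DENY"}, {"SAMEORIGIN"}):
        return "protected", "X-Frame-Options " + values.pop()
    if len(values) > 1:
        return "review", "multiple X-Frame-Options values"
    if any(v.startswith("ALLOW-FROM") for v in values):
        return "unprotected", "ALLOW-FROM is obsolete and ignored by current browsers"
    return "unprotected", "unrecognised X-Frame-Options value"


# Constructed header sets (hypothetical pages, not real captures).
SAMPLES = {
    "page with login form": {"X-Frame-Options": "SAMEORIGIN"},
    "static page, no header": {"Content-Type": "text/html"},
    "obsolete ALLOW-FROM": {"X-Frame-Options": "ALLOW-FROM https://example.org"},
    "CSP only": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, "->", framing_policy(hdrs))
```

A 'review' verdict means the policy exists but its effect depends on an allowlist or on conflicting values that need a manual look.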