The X-Frame Options is missing on the Zen Cart v1.5.1
Testing Environment:
Operating System: Windows 7 (32-bit)
Browser: Mozilla Firefox v17.0
Firefox Addon: Clickjacking Defense (https://addons.mozilla.org/en-us/fir...efense-declar/)
Impact: Highly Critical
Description of the Issue: As there is no X-Frame Options, the latest stable release of Zen Cart v1.5.1 is vulnerable to UI Redressing(ClickJacking) attack. All the modules of Zen Cart can be opened inside a malicious frame and from the attacker point of view various malicious activity can be carried over a victim end.
Mitigation: An X-Frame Options must be set in the headers as DENY or SAME ORIGIN.
References: https://www.owasp.org/index.php/Clickjacking
Regards,
Himanshu(@mehimansu)
Thread: X-Frame Options Missing
Results 1 to 1 of 1
-
4 Dec 2012, 05:01 PM #1
New Zenner
- Join Date
- Dec 2012
- Posts
- 1
- Plugin Contributions
- 0
X-Frame Options Missing
Reply With QuoteSimilar Threads
-
Missing Options
By Djcyclesuk in forum Basic ConfigurationReplies: 5Last Post: 7 Apr 2008, 02:05 AM -
How to make a frame that changes in color as options for art/paintings
By oavs in forum Setting Up Categories, Products, AttributesReplies: 4Last Post: 26 Aug 2006, 03:22 AM
Bookmarks