Clickjacking vulnerability on Ikea.co.id
Hello guys, this is my first story on Medium. Before we start, let me introduce myself. My name is Novan Aziz Ramadhan and I’m interested in cyber security.
OK, that’s enough I think xD
First of all, I was watching TV and there was a furniture advertisement from Ikea. Out of curiosity I turned on the laptop and tried to do penetration testing on the Ikea website.
I tried to find some XSS in the search form, hoping to get reflected XSS, and I tried DOM XSS, but I had no luck at all.
Then I went to my account, where there’s a “delete account” feature. After that I tried to make a simple clickjacking script, and it was vulnerable to clickjacking! WOW!
After that, I reported it to HackerOne, hoping to get a bounty for it. A few hours later I got a notification on HackerOne, and it was a duplicate :’)
Here’s the PoC video:
https://youtu.be/THaIOUumPak
P.S.: due to copyright, I muted the music.
Timeline:
- 14 June: reported to HackerOne
- 14 June: duplicate report
Thanks for reading guys.