nuclei-templates/misc/missing-x-frame-options.yaml


id: missing-x-frame-options

info:
  name: Clickjacking (Missing XFO header)
  author: kurohost
  severity: low
  # This is a valid issue "only" when you are able to frame an authenticated page, with a PoC, to make state-changing actions.
  # Without a working PoC, do not report this.

requests:
  - method: GET
    path:
      - "{{BaseURL}}"
    redirects: true
    max-redirects: 2
    matchers:
      # Matches when the lowercased response headers do not contain 'x-frame-options'.
      - type: dsl
        dsl:
          - "!contains(tolower(all_headers), 'x-frame-options')"
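
An added example, not part of nuclei-templates: a Python sketch that compares an approximation of the template's substring test with a check of whether framing is actually restricted, including CSP `frame-ancestors`, which the matcher does not look at. The function names and the sample headers are constructed for illustration.

```python
# Added illustration; not part of nuclei-templates. Names are hypothetical.

def template_matches(headers):
    """Approximate the template's DSL matcher: report when the lowercased
    header dump does not contain 'x-frame-options' anywhere."""
    dump = "\n".join(f"{k}: {v}" for k, v in headers)
    return "x-frame-options" not in dump.lower()


def framing_restricted(headers):
    """Return True when a header actually limits who may frame the page."""
    for name, value in headers:
        name, value = name.lower(), value.strip().lower()
        # ALLOW-FROM is obsolete and unknown values are ignored by browsers.
        if name == "x-frame-options" and value in ("deny", "sameorigin"):
            return True
        if name == "content-security-policy":
            for directive in value.split(";"):
                parts = directive.split()
                if parts and parts[0] == "frame-ancestors":
                    sources = parts[1:]
                    # Conservative: an empty list or a wildcard/bare scheme
                    # is not counted as protection.
                    if sources and not any(
                        s in ("*", "http:", "https:") for s in sources
                    ):
                        return True
    return False


def classify(headers):
    """Compare the template's verdict with the stricter check."""
    flagged, restricted = template_matches(headers), framing_restricted(headers)
    if flagged:
        return "false positive" if restricted else "finding"
    return "ok" if restricted else "missed"


# Constructed sample responses (header name, value pairs).
SAMPLES = {
    "no protection": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "csp only": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "invalid xfo": [("X-Frame-Options", "ALLOWALL")],
    "name in other header": [("Access-Control-Expose-Headers", "X-Frame-Options")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:22} {classify(hdrs)}")
```

A "finding" here is still subject to the template's own caveat about needing a working PoC against an authenticated, state-changing page.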