5/10
vulnerability
WhatsApp's web client was vulnerable to clickjacking because it sent no X-Frame-Options header and used no iframe-busting techniques, so an attacker could frame the client and trick users into sending messages, creating groups, or making calls from their own accounts. The vulnerability was reported to Facebook in January 2015 and subsequently fixed with an X-Frame-Options: Deny header.
clickjacking
ui-redress-attack
web-client
whatsapp
x-frame-options
iframe-busting
client-side-vulnerability
authentication-bypass
WhatsApp
Facebook
Telegram
Mohamed A. Baset
Seekurity
Brian Acton
Jan Koum