An Indian Security Researcher , Nikhil P Kulkarni, has discovered Clickjacking vulnerability in the Microsoft's Social network SOCL(so.cl).
Clickjacking, also referred as "User Interface redress attack" and "UI redress attack", is one type of website hacking technique where hacker use multiple transparent layers to trick a user into clicking on something different to what the user perceives they are clicking on.
In a POC provided to EHN, the researcher demonstrated the clickjacking vulnerability. In a html file, the top layer says "click below to win your prize money". But , in background, the SOCL page was loaded. When a user click the "click here" button, it will post message in the victim's wall.
The researcher discovered the vulnerability in August and sent notification to Microsoft. Initially, Microsoft rejected it nearly 5 times and told researcher that it was not a vulnerability.
But recently, they realized that all his POC's were right and have rectified that vulnerability. They have decided to put his name in their hall of fame page.
