In this post, I would like to share an attack method that takes advantage of QR codes, called Quick Response Code Login Jacking (QRLJacking).
QRLJacking is a new method that most people might not have heard of before. It is a direct and easy social engineering method that leads to session hijacking, and it affects all applications that rely heavily on the “Login with QR Code” feature.
Exploitation Framework Used for the QRLJacking
Every attack vector has its own exploitation framework, and QRLJacking is one of them too.
The exploitation framework that can be used for QRLJacking is called QRLJacker. It is a customizable exploitation framework built to demonstrate that it is not that hard to hijack a service within an application, especially a mobile application that mostly depends on QR codes as its login authentication method.
Source: GitHub QRLJacker
Even though, it's best practice to