The site i'm testing sets X-FRAME-OPTIONS:DENY if you try to iframe their site because it detects the Referer: header and tries to prevent clickjacking. Using iframes their site w/ no referrer :) #bugbountytipsarrow-up-right
If there is a clickjacking vulnerability, however, vulnerable parameters like buttons or other things are down below the end of the page, that means you've to perform scroll with iframe. In that case, initiate an auto-scroll script with iframearrow-up-right
Last updated 10 months ago
