The site i'm testing sets X-FRAME-OPTIONS:DENY if you try to iframe their site because it detects the Referer: header and tries to prevent clickjacking. Using iframes their site w/ no referrer :) #bugbountytips
If there is a clickjacking vulnerability, however, vulnerable parameters like buttons or other things are down below the end of the page, that means you've to perform scroll with iframe. In that case, initiate an auto-scroll script with iframe
Last updated 4 years ago
