Book of BugBounty Tips
  • Introduction
  • OSINT / Recon
  • API
  • Cross Site Request Forgery (CSRF)
  • Server Side Request Forgery (SSRF)
  • Sensitive Information Disclosure
  • Cross Site Scripting (XSS)
  • CRLF
  • Remote Code Execution (RCE)
  • Email Related
  • File Upload
  • Open Redirect
  • IDOR
  • Injection
  • XXE
  • Local / Remote File Inclusion
  • Authentication / Authorization
  • Account Takeover
  • Application Login
  • Clickjacking
  • Parameter Pollution
  • Fuzzing
  • Application Logic Bypasses
  • Bypasses
  • Mobile
  • Password Reset
  • Web Cache
  • Server Side Template Injection
  • Tips from @EdOverflow
  • Tips From @intigriti
  • Hackpack From @yeswehack
  • Tips from @YogoshaOfficial
  • Tips from @Jhaddix
  • Tips from Ben
  • Tips from Other Sources
  • Tips from Blog posts / other hunters
  • Others
  • Bugbounty Related Websites / Blogs
  • Twitter Threads
  • Docker and k8s
  • Tweets Collection by @Pentesterland
  • Windows
  • Linux
  • Burp suite
  • Scope Based Recon Tips
Powered by GitBook
On this page

Clickjacking

  • The site i'm testing sets X-FRAME-OPTIONS:DENY if you try to iframe their site because it detects the Referer: header and tries to prevent clickjacking. Using iframes their site w/ no referrer :) #bugbountytips

  • If there is a clickjacking vulnerability, however, vulnerable parameters like buttons or other things are down below the end of the page, that means you've to perform scroll with iframe. In that case, initiate an auto-scroll script with iframe

PreviousApplication LoginNextParameter Pollution

Last updated 4 years ago