On the submission page, I see "iframe injections must contain an iframe with xssposed.org"
If I try to inject [code]<iframe src="http://xssposed.org/"></iframe>[/code]
I get the error.
"Load denied by X-Frame-Options: https://www.xssposed.org/ does not permit cross-origin framing."
Am I missing something? Surely then it is not possible to load an iframe with this site in it.
cross-origin framing
Re: cross-origin framing
you can use iframe, we check request and accept vulnerability
- mradamdavies
- Posts:29
- Joined:Wed Nov 25, 2015 3:00 pm
- Contact:
Re: cross-origin framing
Code: Select all
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Try injecting something else, not just another URL.
Probably not vuln.
Who is online
Users browsing this forum: No registered users and 2 guests