Is Clickjacking Worth Reporting Nowadays? | Removing All Confusion About Clickjacking Bugs

1 month ago 31

the_air_cyborg

Hi Internet Rebels,

This article is for hunters who do not understand clickjacking or whether it is worth reporting, so let's go through this unpredictable bug in detail. I can assure you that you will get to know exactly what a clickjacking vulnerability is.

I said unpredictable because most programs do not consider it an in-scope vulnerability, and even the programs that do consider it just mark it as a P5 bug or N/A irrespective of the severity.

To test this, I submitted many clickjacking reports on Bugcrowd. Let's go through them in detail, one by one.

Yeah, yeah, I know this is not a vulnerability, but many beginners make the mistake of reporting clickjacking on login pages, be it an admin login page or a dev login page. See, beginners: THIS IS NOT WHAT A REAL HACKER CALLS A VULNERABILITY.

This bug occurred on an account deletion page. The reason I got points but no reward was that today's modern browsers implicitly check the target website's cookie origin: if it does not match (when attempting clickjacking from your localhost clickjacing.html), it redirects to the login page even if you are already logged in in another tab.
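A triage check for the two cases above, added here as an example and not part of the original article: it reads a page's framing headers and the session cookie's attributes to separate a login page, an authenticated page that loads as the login page inside a cross-site frame, and one that loads logged in. It assumes the browser behaviour described above corresponds to SameSite handling (a cookie without `SameSite=None; Secure` is not sent to a cross-site iframe); the `triage` function, the page shape and all sample values are hypothetical.

```javascript
// Added example; all header and cookie values below are constructed samples.

// True when some cross-origin parent is allowed to embed the response.
function isFramableCrossOrigin(headers) {
  const csp = headers['content-security-policy'] || '';
  const fa = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (fa) {
    // frame-ancestors takes precedence over X-Frame-Options when both are sent.
    // An empty list or only 'none'/'self' keeps foreign parents out.
    return !fa.slice(1).every(s => ["'none'", "'self'"].includes(s.toLowerCase()));
  }
  const xfo = (headers['x-frame-options'] || '').trim().toLowerCase();
  return !(xfo === 'deny' || xfo === 'sameorigin'); // ALLOW-FROM is obsolete
}

// Names of cookies a browser would attach to a cross-site iframe load.
// Assumption: a missing SameSite attribute is treated as Lax.
function cookiesSentInCrossSiteFrame(setCookieLines) {
  return setCookieLines.filter(line => {
    const attrs = line.split(';').slice(1).map(a => a.trim().toLowerCase());
    return attrs.includes('samesite=none') && attrs.includes('secure');
  }).map(line => line.split('=')[0].trim());
}

// page: { headers, setCookie, sessionCookie, stateChanging } (hypothetical shape)
function triage(page) {
  if (!isFramableCrossOrigin(page.headers)) return 'protected';
  if (!page.stateChanging) return 'framable-no-impact';
  return cookiesSentInCrossSiteFrame(page.setCookie).includes(page.sessionCookie)
    ? 'framable-authenticated' : 'framable-login-redirect';
}

const session = ['sid=abc123; Path=/; HttpOnly; Secure'];
const samples = {
  login: { headers: {}, setCookie: [], sessionCookie: 'sid', stateChanging: false },
  deleteLax: { headers: {}, setCookie: session, sessionCookie: 'sid', stateChanging: true },
  deleteNone: { headers: {}, setCookie: ['sid=abc123; Path=/; Secure; SameSite=None'],
    sessionCookie: 'sid', stateChanging: true },
  deleteCsp: { headers: { 'content-security-policy': "default-src 'self'; frame-ancestors 'self'" },
    setCookie: session, sessionCookie: 'sid', stateChanging: true },
};
for (const [name, page] of Object.entries(samples)) console.log(name, '->', triage(page));
```

Only the `framable-authenticated` result describes a page where the framed action runs in the victim's session; on the defender's side, sending `frame-ancestors 'self'` moves every sample to `protected` regardless of cookie attributes.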
