Insufficient UI Warning of Dangerous Operations in postfixadmin/postfixadmin
Aug 4th 2021
🕵️♂️ Proof of Concept
i see there is no
X-Frame-Options reseponse header present which allow to load entire website in iframe . And using this clickjacking attack can be performed .
<iframe src=http://localhost/postfixadmin/public/list.php?table=admin height=600px width=600px>