the affected URL : https://demo.opencart.com/admin/
just any intercepting Proxy you are using and send a request and see the response and you will find that there is not X-Frame-Options , Or CSP(frame ansectors) Headers to prevent it from happen
the payload to use to check :
Code: Select all
<!DOCTYPE HTML>
<html>
<body>
<center><iframe src="https://demo.opencart.com/admin/" width="1000px" height="1000px"></center>
</body>
</html>
just add a X-Frame-Options Header