Gym management system project - ClickJacking exists on multiple pages
College Attendance System (CAS) Posted by SourceCodester is vulnerable to ClickJacking.
Attackers can use this vulnerability to deceive users to click, causing losses to individuals and platforms.
The following pages are paths without the secure X-Frame-Options header:
/mygym/login.php
/mygym/signup.php
/mygym/admin/login.php
/mygym/admin/add_exercises.php
/mygym/admin/add_trainers.php
/mygym/admin/index.php
The following takes /mygym/login.php as an example
To detect whether there is a ClickJacking vulnerability, here we find that the response packet does not contain the X-Frame-Options: deny field, then we can construct an HTML file locally and use an iframe to include this page
We can successfully load this page
Link
https://www.sourcecodester.com/php/15515/gym-management-system-project-php.html


