Since the Mutillidae application does not make use of the X-FRAME-OPTIONS header set to DENY, it is possible to inject a malicious iframe in to the Mutillidae web pages. The Clickbandit increases the level of opaqueness of the iframe for visibility and creates a proof of concept (PoC) to illustrate how the vulnerability can be exploited.