frame spoofing using document.open() testcase
this testcase requires JavaScript to run.
invoke an exploit