postMessage() II

Bookmarked!

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the Origin

PRO Medium < 1 Hr. 1106 Orange Badge

Course

This course covers the exploitation of an application using <code>addEventListener()</code> without verifying the origin of the message. By understanding and leveraging the <code>postMessage</code> method, you will learn how to get an administrator to leak confidential information via the "Sharing" functionality.

Skills covered

Injection Authentication Client Side

Included with PRO

Full course content 2 videos Common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account