Solving postMessage() II

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin

PRO

content

Medium difficulty

Less than an hour average completion time

896 users completed this exercise

Network requirements:

Public IP address recommended

Common Mistakes:

The URL visited by the victim changes every few hours, make sure the URL in your payload targets the website the victim is currently visiting

Online access to this exercise is only available with PentesterLab PRO

Learn more about PentesterLab PRO