postMessage() III

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to trigger a Cross-Site Scripting

PRO | Medium | < 1 Hr. | 996 | Orange Badge
Course

This course covers the exploitation of an application using addEventListener() without verifying the origin of the message, making it vulnerable to Cross-Site Scripting (XSS). You'll learn how to convert a self-XSS into an XSS using an iframe and postMessage().

Skills covered
Injection, Authentication, Client Side
Included with PRO
Full course content, 2 videos, Common mistakes