postMessage() IV

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used

PRO
content
medium diffculty Medium difficulty
easy diffculty Less than an hour
average
completion
time
number of users completed icon 753
completed
this exercise

Course





Make sure you check out PentesterLab PRO and PentesterLab PRO Enterprise to develop your skills.