postMessage() IV

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used

PRO

content

Medium difficulty

Less than an hour

average

completion

time

753

completed

this exercise

Course

Online access to this exercise is only available with PentesterLab PRO

Make sure you check out PentesterLab PRO and PentesterLab PRO Enterprise to develop your skills.