postMessage() IV

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used

PRO

content

MEDIUM

Difficulty

Between 1 and 2 hours

on average

26

Completed this exercise

Course

Access to this course is only available with PentesterLab PRO

Make sure you check out PentesterLab PRO and PentesterLab PRO Enterprise to develop your skills.