postMessage() IV

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used

PRO

content

MEDIUM

Difficulty

Less than an hour

on average

294

Completed this exercise

Course

Online access to this exercise is only available with PentesterLab PRO

Make sure you check out PentesterLab PRO and PentesterLab PRO Enterprise to develop your skills.