postMessage() IV

This exercise covers how insecure calls to the JavaScript function postMessage() can be used to leak sensitive information when a listener does not filter the origin and X-Frame-Options is used

PRO

content

MEDIUM

Difficulty

Between 1 and 2 hours

on average

7

Completed this exercise

Course

Access to this course is only available with PentesterLab PRO

Make sure you check out PentesterLab PRO and PentesterLab PRO Enterprise to develop your skills.