postMessage() IV: Exploitation

image of exercise postMessage() IV: Exploitation
Access to videos for this exercise is only available with PentesterLab PRO GOPRO
Spoiler
postMessage() IV: Exploitation

In this video, we cover the exploitation of postMessage IV. We demonstrate how to share secrets without having the CSRF token by leveraging the victim's session and crafting a JavaScript exploit.

video duration icon05:32 number of views icon1365