postMessage() IV: Exploitation

In this video, we cover the exploitation of postMessage IV. We demonstrate how to share secrets without having the CSRF token by leveraging the victim's session and crafting a JavaScript exploit.