Today, we will be discussing how to exploit DOM-based XSS through Misconfigured Postmessage function.
If the two sites do not have similar properties mentioned above, it will trigger the Same Origin Policy
There are several ways in which you can bypass the Same Origin Policy. One of them is the postMessage function. The postMessage method safely enables cross-origin communication between Window objects. postMessage uses two methods to cross communicate between windows. They are as follows:
Here are the different scenarios in which the function postMessage() is misconfigured and made vulnerable to DOM-based XSS.
This post was created with our nice and easy submission form. Create your post!
GIPHY App Key not set. Please check settings