in , ,

Exploit DOM Based XSS via Misconfigured postMessage() Function

Today, we will be discussing how to exploit DOM-based XSS through Misconfigured Postmessage function.

If the two sites do not have similar properties mentioned above, it will trigger the Same Origin Policy

There are several ways in which you can bypass the Same Origin Policy. One of them is the postMessage function. The postMessage method safely enables cross-origin communication between Window objects. postMessage uses two methods to cross communicate between windows. They are as follows:

Here are the different scenarios in which the function postMessage() is misconfigured and made vulnerable to DOM-based XSS.

Posted by SH

Leave a Reply

Exit mobile version