1. Web Security Academy
  2. Clickjacking
  3. Lab

Lab: Exploiting clickjacking vulnerability to trigger DOM-based XSS

PRACTITIONER

This lab contains a XSS vulnerability that is triggered by a click. Construct a clickjacking attack that fools the user into clicking the "Click me" button to execute an XSS payload that alerts document.cookie.

Note

The victim will be using Chrome so test your exploit on that browser.

Find clickjacking vulnerabilities using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

Already got an account? Login here