1. Web Security Academy
  2. Clickjacking
  3. Lab

Lab: Exploiting clickjacking vulnerability to trigger DOM-based XSS

PRACTITIONER

This lab contains a XSS vulnerability that is triggered by a click. Construct a clickjacking attack that injects a XSS payload and fools the user into clicking the "Click me" button to execute the payload.

Note

The victim will be using Chrome so test your exploit on that browser.