Lab: Exploiting clickjacking vulnerability to trigger DOM-based XSS

This lab contains an XSS vulnerability that is triggered by a click. Construct a clickjacking attack that injects an XSS payload and fools the user into clicking the button to execute the payload.

You have an account on the application that you can use to help design your attack. The credentials are: carlos / montoya.

Note

The victim will be using Chrome, so test your exploit on that browser.