1. Web Security Academy
  2. Clickjacking
  3. Lab

Lab: Exploiting clickjacking vulnerability to trigger DOM-based XSS


This lab contains a XSS vulnerability that is triggered by a click. Construct a clickjacking attack that injects a XSS payload and fools the user into clicking the "Click me" button to execute the payload.


The victim will be using Chrome so test your exploit on that browser.