Lab: DOM XSS using web messages
This lab demonstrates a simple web-message vulnerability. To solve this lab, use the exploit server to post a message to the website that exploits an XSS vulnerability and alerts
Notice that the home page contains an addEventListener() call that listens for a web message.
Go to the exploit server and add the following iframe to the body, remembering to replace your-lab-id with your lab ID:
<iframe src="https://your-lab-id.web-security-academy.net/" onload="this.contentWindow.postMessage('<img src=1 onerror=alert(document.cookie)>','*')">
- Store the exploit and deliver it to the victim.
When the iframe loads, the postMessage() method sends a web message to the home page. The event listener, which is intended to serve ads, takes the content of the web message and inserts it into the div with the ID ads. However, in this case it inserts our img tag, which contains an invalid src attribute. This throws an error, which causes the onerror event handler to execute our payload.
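
The listener pattern described above, next to a hardened form, as an added example that is not the lab's own code. It assumes the listener writes the message into the ads div through innerHTML; the origin https://ads.example.com, the function names and the stand-in element are hypothetical.

```javascript
// Added example, not the lab's code. TRUSTED_AD_ORIGINS, the function names
// and makeFakeElement() are assumptions made for illustration.
const TRUSTED_AD_ORIGINS = new Set(['https://ads.example.com']); // hypothetical origin

// Pattern the write-up describes: any window may send the message, and the
// data is parsed as HTML, so event-handler attributes inside it will run.
function vulnerableAdsListener(event, adsElement) {
  adsElement.innerHTML = event.data;
}

// Hardened form: check who sent the message, check the payload type, and
// write it through a sink that never parses markup.
function hardenedAdsListener(event, adsElement) {
  if (!TRUSTED_AD_ORIGINS.has(event.origin)) return 'rejected-origin';
  if (typeof event.data !== 'string') return 'rejected-data';
  adsElement.textContent = event.data; // shown as literal text, not as elements
  return 'accepted';
}

// Minimal stand-in for a DOM element so the example also runs under Node;
// it only records which sink received the data.
function makeFakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Browser wiring (skipped under Node, where `window` is undefined).
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  window.addEventListener('message', (e) =>
    hardenedAdsListener(e, document.getElementById('ads')));
}
```

The origin check stops messages from pages such as the exploit server, and textContent keeps a message from a trusted sender from being interpreted as HTML if that sender is ever compromised.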