1. Web Security Academy
  2. DOM-based
  3. Controlling the web-message source
  4. Lab

Lab: DOM XSS using web messages


This lab demonstrates a simple web-message vulnerability. To solve this lab, use the exploit server to post a message to the website that exploits an XSS vulnerability and alerts document.cookie.