Lab: DOM XSS using web messages and a JavaScript URL


This lab demonstrates a DOM-based redirection vulnerability that is triggered by web messaging. To solve this lab, construct an HTML page on the exploit server that exploits the vulnerability and alerts document.cookie.
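The defensive counterpart to this class of bug, as an added example that is not part of the lab or its application code: a `message` handler that navigates to a URL it receives has to check both who sent the message and what scheme the URL uses. The trusted origin `https://app.example` and the function name `safeRedirectTarget` are assumptions made for illustration.

```javascript
// Added example: origins and names are constructed for illustration.
const TRUSTED_ORIGINS = new Set(['https://app.example']); // assumed trusted sender
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a normalized URL that is safe to navigate to, or null to drop the message.
function safeRedirectTarget(event, baseUrl) {
  // 1. Drop messages from any window whose origin is not explicitly trusted.
  //    Any page can call postMessage on a window it frames or opens.
  if (!TRUSTED_ORIGINS.has(event.origin)) return null;

  // 2. Accept only string payloads; structured data is not a URL.
  if (typeof event.data !== 'string') return null;

  // 3. Parse the value instead of searching it for "http:" or "https:".
  //    A substring check passes a javascript: URL that merely contains
  //    one of those strings somewhere in its body.
  let url;
  try {
    url = new URL(event.data, baseUrl);
  } catch (err) {
    return null; // not parseable as a URL
  }

  // 4. Allow-list the scheme after parsing, so javascript:, data: and
  //    similar schemes never reach the navigation sink.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;

  return url.href;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined') {
  window.addEventListener('message', (event) => {
    const target = safeRedirectTarget(event, window.location.href);
    if (target !== null) window.location.assign(target);
  });
}
```

The scheme check alone still lets a trusted sender redirect to any http(s) site; compare `url.origin` against an allow-list as well if redirects should stay on known hosts.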