Notice that the home page contains an
indexOf()check that looks for the strings
"https:"anywhere within the web message. It also contains the sink
Go to the exploit server and add the following
iframeto the body, remembering to replace
YOUR-LAB-IDwith your lab ID:
- Store the exploit and deliver it to the victim.
"http:". The second argument specifies that any
targetOrigin is allowed for the web message.
iframe loads, the
"http:" string and proceeds to send the payload to the
location.href sink, where the
print() function is called.