This lab demonstrates a DOM-based redirection vulnerability that is triggered by web messaging. To solve this lab, construct an HTML page on the exploit server that exploits the vulnerability and alerts
indexOf check that looks for the strings
"https:" anywhere within the web message. It also contains the sink
iframe to the body, remembering to replace
your-lab-id with your lab ID:
alert() payload, along with the string
"http:". The second argument specifies that any
targetOrigin is allowed for the web message.
iframe loads, the
"http:" string and proceeds to send the payload to the
location.href sink, where the
alert() function is called in the context of the client's session.
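
The substring check and location.href sink described above, set beside a hardened message check, as an added example that is not part of the original lab page. The function names, the trusted origin, the example hosts and the sample messages are assumptions constructed for illustration, and flawedCheck is reconstructed from the page's description rather than copied from the lab.

```javascript
// Added example. The trusted origin, hosts and sample messages are constructed.
const TRUSTED_ORIGINS = new Set(['https://partner.example']); // assumption

// Substring check of the kind described above (reconstructed, hypothetical):
// the scheme string only has to appear somewhere in the message.
function flawedCheck(data) {
  return data.indexOf('http:') > -1 || data.indexOf('https:') > -1;
}

// Hardened check: verify the sender, parse the message as a URL, and
// allowlist the parsed scheme before anything reaches location.href.
function safeRedirectTarget(origin, data) {
  if (!TRUSTED_ORIGINS.has(origin)) return null; // unknown sender
  if (typeof data !== 'string') return null;
  let url;
  try {
    url = new URL(data); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// Browser wiring (not executed here):
// window.addEventListener('message', (e) => {
//   const target = safeRedirectTarget(e.origin, e.data);
//   if (target) location.href = target;
// });

// Constructed messages: [sender origin, message data]
const samples = [
  ['https://partner.example', 'https://shop.example/cart'],
  ['https://partner.example', 'javascript:void(0)//http:'],
  ['https://unknown.example', 'https://shop.example/cart'],
  ['https://partner.example', '/relative/path'],
];

function evaluate() {
  return samples.map(([origin, data]) => ({
    data,
    flawed: flawedCheck(data),
    hardened: safeRedirectTarget(origin, data),
  }));
}

console.table(evaluate());
```

The second sample passes the substring check because "http:" appears after the comment marker, while the parsed scheme is javascript: and is rejected. Restricting the destination host as well would narrow the redirect further.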