This lab demonstrates a DOM-based redirection vulnerability that is triggered by web messaging. To solve this lab, construct an HTML page on the exploit server that exploits this vulnerability and calls the
Notice that the home page contains an
indexOf()check that looks for the strings
"https:"anywhere within the web message. It also contains the sink
Go to the exploit server and add the following
iframeto the body, remembering to replace
your-lab-idwith your lab ID:
- Store the exploit and deliver it to the victim.
"http:". The second argument specifies that any
targetOrigin is allowed for the web message.
iframe loads, the
"http:" string and proceeds to send the payload to the
location.href sink, where the
print() function is called.