nuclei-templates/misconfiguration/wildcard-postmessage.yaml

id: wildcard-postmessage

info:
  name: Wildcard postMessage detection
  author: pdteam
  severity: info
  reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
  tags: xss

requests:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers:
      - type: regex
        regex:
          - postMessage\([a-zA-Z]+,["']\*["']\)
Added Wildcard postMessage detection 2021-10-23 18:04:49 +00:00			`id: wildcard-postmessage`

			`info:`
			`name: Wildcard postMessage detection`
			`author: pdteam`
			`severity: info`
			`reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html`
Update wildcard-postmessage.yaml 2021-11-01 09:24:51 +00:00			`tags: xss`
Added Wildcard postMessage detection 2021-10-23 18:04:49 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}'`

			`matchers:`
Update wildcard-postmessage.yaml 2021-10-26 18:18:28 +00:00			`- type: regex`
			`regex:`
			`- postMessage\([a-zA-Z]+,["']\*["']\)`