Added Wildcard postMessage detection

misconfiguration/wildcard-postmessage.yaml

@@ -0,0 +1,18 @@
+id: wildcard-postmessage
+
+info:
+  name: Wildcard postMessage detection
+  author: pdteam
+  severity: info
+  tags: xss
+  reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers:
+      - type: word
+        words:
+          - "postMessage(msg,'*')"