From 80301e3f63ed74d8fa1e1ad530d3ac76e947170f Mon Sep 17 00:00:00 2001
From: sandeep
Date: Sat, 23 Oct 2021 23:34:49 +0530
Subject: [PATCH] Added Wildcard postMessage detection
---
misconfiguration/wildcard-postmessage.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 misconfiguration/wildcard-postmessage.yaml
diff --git a/misconfiguration/wildcard-postmessage.yaml b/misconfiguration/wildcard-postmessage.yaml
new file mode 100644
index 0000000000..dd396fc711
--- /dev/null
+++ b/misconfiguration/wildcard-postmessage.yaml
@@ -0,0 +1,18 @@
+id: wildcard-postmessage
+
+info:
+ name: Wildcard postMessage detection
+ author: pdteam
+ severity: info
+ tags: xss
+ reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}'
+
+ matchers:
+ - type: word
+ words:
+ - "postMessage(msg,'*')"
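Review bot: The word matcher at the end of the new template fires only on the exact text `postMessage(msg,'*')`, so it misses a wildcard target origin whenever the first argument has another name, the `*` is double-quoted, or a space follows the comma (for example `postMessage(data, "*")`). A regex matcher would cover those spellings: replace `type: word` / `words:` with `type: regex` / `regex:` and an entry such as `- 'postMessage\([^,]+,\s*[''"]\*[''"]'`, which is still a heuristic and will not match first arguments that themselves contain commas. The request fetches only `{{BaseURL}}`, so a call that lives in an externally loaded script is presumably not seen at all. An `info.description` line saying that a hit needs manual review of what the message carries would help triage.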