From 80301e3f63ed74d8fa1e1ad530d3ac76e947170f Mon Sep 17 00:00:00 2001
From: sandeep
Date: Sat, 23 Oct 2021 23:34:49 +0530
Subject: [PATCH 1/3] Added Wildcard postMessage detection
---
misconfiguration/wildcard-postmessage.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 misconfiguration/wildcard-postmessage.yaml
diff --git a/misconfiguration/wildcard-postmessage.yaml b/misconfiguration/wildcard-postmessage.yaml
new file mode 100644
index 0000000000..dd396fc711
--- /dev/null
+++ b/misconfiguration/wildcard-postmessage.yaml
@@ -0,0 +1,18 @@
+id: wildcard-postmessage
+
+info:
+ name: Wildcard postMessage detection
+ author: pdteam
+ severity: info
+ tags: xss
+ reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}'
+
+ matchers:
+ - type: word
+ words:
+ - "postMessage(msg,'*')"
From cd9195b7e4e33e01951658987c60a9e23f26401e Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Tue, 26 Oct 2021 23:48:28 +0530
Subject: [PATCH 2/3] Update wildcard-postmessage.yaml
---
misconfiguration/wildcard-postmessage.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/misconfiguration/wildcard-postmessage.yaml b/misconfiguration/wildcard-postmessage.yaml
index dd396fc711..124d43b8f9 100644
--- a/misconfiguration/wildcard-postmessage.yaml
+++ b/misconfiguration/wildcard-postmessage.yaml
@@ -13,6 +13,6 @@ requests:
 - '{{BaseURL}}'

 matchers:
- - type: word
- words:
- - "postMessage(msg,'*')"
+ - type: regex
+ regex:
+ - postMessage\([a-zA-Z]+,["']\*["']\)
From ec2907e6b022518611e625bfa8e4ab68654d4890 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 1 Nov 2021 14:54:51 +0530
Subject: [PATCH 3/3] Update wildcard-postmessage.yaml
---
misconfiguration/wildcard-postmessage.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
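Review bot: The `info` block added in PATCH 1/3 has no `description`, and `tags: xss` with `severity: info` does not tell a triager what a hit means. The matcher flags the sending side, a `postMessage` call whose target origin is `*`, so the exposure is message contents being delivered to whatever origin the target window holds, not script injection by itself. I would add `description: Page calls window.postMessage with a wildcard target origin; review what data is sent and restrict targetOrigin to the expected origin.` The description should also say that only the response to the single GET on `{{BaseURL}}` is inspected, so scripts loaded from other URLs are not covered and a non-match is not evidence of absence.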
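Review bot: The regex introduced in PATCH 2/3 still misses many common call forms. `[a-zA-Z]+` rejects first arguments such as `e.data` or `msg1`, and `,["']` rejects the space that formatted code puts after the comma, so `postMessage(msg, '*')` does not match. A looser pattern such as `postMessage\(\s*[\w$.]+\s*,\s*["']\*["']\s*[,)]` accepts dotted identifiers, optional whitespace and a trailing transfer argument. Arbitrary expressions as the first argument (a call or an object literal) would still need a broader pattern. Because the template is `severity: info`, a few extra hits for manual review are likely a better trade than silent misses.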
diff --git a/misconfiguration/wildcard-postmessage.yaml b/misconfiguration/wildcard-postmessage.yaml
index 124d43b8f9..381ada1c40 100644
--- a/misconfiguration/wildcard-postmessage.yaml
+++ b/misconfiguration/wildcard-postmessage.yaml
@@ -4,8 +4,8 @@ info:
 name: Wildcard postMessage detection
 author: pdteam
 severity: info
- tags: xss
 reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
+ tags: xss

 requests:
 - method: GET