nuclei-templates/misconfiguration/wildcard-postmessage.yaml


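# Flags responses whose body contains a postMessage() call that passes the
# wildcard "*" as targetOrigin.
#
# Scope and limits, for whoever triages the results:
#   - Only the single GET response for BaseURL is inspected. Scripts served
#     from separate files are not fetched by this request, so "no match" does
#     not show that the application is free of wildcard postMessage calls.
#   - A match is a source-level hint (severity: info). Whether it matters
#     depends on what the message carries, which needs manual review.
id: wildcard-postmessage

info:
  name: Wildcard postMessage detection
  author: pdteam
  severity: info
  description: >-
    A postMessage() call with targetOrigin "*" is delivered to the target
    window whatever origin that window currently holds. If the message
    carries sensitive data it can be disclosed to an unintended origin.
    The fix is to pass the expected origin as targetOrigin.
  reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
  tags: xss,postmessage

requests:
  - method: GET
    path:
      - '{{BaseURL}}'
    matchers:
      - type: regex
        # Match against the response body only (stated explicitly so the
        # intent survives a change of default).
        part: body
        regex:
          # Superset of the earlier pattern, which required a purely
          # alphabetic first argument and no whitespace at all, and so missed
          # the usual `postMessage(data, '*')` spelling. The first argument
          # may now be an identifier or dotted path (msg, e.data, _payload)
          # and optional whitespace is accepted around the arguments.
          # Still not matched: a call expression or literal as the message,
          # e.g. postMessage(JSON.stringify(x), "*").
          - postMessage\(\s*[a-zA-Z_$][\w$.]*\s*,\s*["']\*["']\s*\)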