Vulnerable Web Application
Start Page
HTTP and HTML Security
HTML Tampering
Authentication Flaws
CSRF
Cross-Site Access (CORS)
PostMessage
Cross-site scripting (XSS)
Server-side
Client-side
Injection
SQL Injection
XPath Injection
An obfuscated HTML document is deployed at
https://idp-elearning.cloud.nds.rub.de/websec/postMessage/obfuscated.html
. It contains a secret token distributed via PostMessage. Implement your own code, calling the document and extracting the token.
