Forum Discussion
The key is knowing that you have to use Python to host the remote .js file in parallel with netcat to listen for the response of the XSS malicious scripts. Additionally, there are two steps to expose the data. One exposes the username and token cookie (questions 1 & 2) in the query parameters. The other displays the token in the HTML body. The example code snippets work with VERY minor modifications. One thing I did, based on feedback from a peer, was to wrap netcat in a loop to keep it active in the terminal for subsequent requests.
- CyberSharpe, 3 months ago, Bronze III
Agreed.
Run the XSS exploit; ensure your script allows this to loop with NC listening. Name and cookie are given instantly. Then I hosted the payload using http.server and conducted SSRF, this time using a different port number and NC. This dropped the full body; then, after a CyberChef URL Decode, the answer is available.
The actual script doesn’t need much work.