Forum Discussion

Bronze I

3 months ago

Cross-Site Scripting: Ep.6 – Further Exploitation

I was stuck in one question looking for HINT. Extend the XSS vulnerability to view the contents of the /admin/token page with SSRF.

help & support

natelott

Bronze I

2 months ago

They key is knowing that you have to use python to host the remote .js file in parallel with netcat to listen for the response of the XSS malicious scripts. Additionally, there are two steps to expose the data. One exposes the username and token cookie (question 1&2) in the query parameters. The other displays the token in the html body. The example code snippets work with VERY minor modifications. One thing I did based on feedback from a peer, was to wrap Netcat in a look to keep it active in terminal for subsequent requests.

CyberSharpe
Bronze III
2 months ago
Agreed.
Run XSS exploit ensure your script allows this to loop with NC listening. Name and cookie given instantly. Then i hosted the payload using http.server and conducted SSRF this time using a different port number and NC. This dropped the full body then a cyber chef URLDecode the answer is available.
The actual script doesn’t need much work.

Forum Discussion

Cross-Site Scripting: Ep.6 – Further Exploitation

Related Content

Re: Cross-Site Scripting: Ep.6 – Further Exploitation

New Cyber Threat Intelligence Lab release!

Re: What are some good labs for learning the basics of malware analysis?

This Week in The Human Connection

New CTI Labs: Palo Alto Expedition Critical Vulnerabilities

Recent Discussions

Open Source Intelligence (OSINT): Boarding Pass

SuperSonic: Ep.6 – TEMPLE

Events & Breaches: Magecart Skimmer

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Zeek - Demonstrate Your Skills