Web - Client

Friday 20 July 2018, 05:23  #1
Web - Client / XSS - Stored - filter bypass
nothing
  • 1 posts

Hi,
I’m stuck at getting the admin cookie via XSS. My payload can bypass the filter and also redirect me to my proxy with my cookie included. But after waiting for the bot to read the message, nothing is returned.
Can anyone give me a hint about this challenge?
Thanks.

Friday 20 July 2018, 14:24  #2
Th1b4ud
  • 1636 posts

Some XSS that works in your browser will not be executed by the bot. There is only one XSS available. The bot is CasperJS. You can install it to test your payload if you want.

Saturday 3 August 2019, 19:31  #3
ackbar03
  • 6 posts

Hi,

Is CasperJS running on PhantomJS or SlimerJS? Does it make a difference?

Sunday 4 August 2019, 19:10  #4
bernardpuchon06
  • 1 posts

Thank you so much.

Tuesday 29 October 2019, 17:40  #5
whitewolf3131
  • 1 posts

I sent a payload which redirects instantly to my proxy, without the admin having to use his mouse or anything, and it still won’t work, so I’m guessing this challenge doesn’t simulate very well a human being who actually enters the page. I ran out of ideas anyway.