Web - Client

Thursday 30 January 2020, 04:28  #1
Web - Client: XSS stored 1
0Lucifer0
0Lucifer0
  • 2 posts

Hey, is this challenge still working?
My payload is automatically printing the cookie in the chatbox when a user with a cookie visit the page.
It works fine when i edit my cookies (the form autosend itself with the cookie) but i can’t see anything refreshing so maybe the admin is never going on this page ?

this bring two question to me:
 is the page suppose to be a chat box ? are we suppose to see the answer from admin on the same page ?
 is the only way to do it is by having my own server and posting to it ?

Friday 31 January 2020, 11:48  #2
Web - Client: XSS stored 1
Th1b4ud
Th1b4ud
  • 1636 posts

 It’s not a chatbox. The admin only read your message before delete it
 You can use beeceptor to handle admin cookie

Tuesday 4 February 2020, 00:44  #3
Web - Client: XSS stored 1
0Lucifer0
0Lucifer0
  • 2 posts

thanks should be enough to resolve this

Tuesday 23 June 2020, 16:21  #4
Web - Client: XSS stored 1
Animesh
Animesh
  • 1 posts

I don’t think the challenge is working. I used receptor, I’ve found the payload to run js, but when I do then receptor only catches my requests, there aren’t any admin requests

Wednesday 24 June 2020, 10:34  #5
Web - Client: XSS stored 1
Th1b4ud
Th1b4ud
  • 1636 posts

Challenge is working

New reply New reply   New topic New topic