Web - Client
Sunday 1 October 2017, 18:09 #1
Web - Client / XSS stored 2
Hi all!
I think I need a little help on this one.....
I found the injection point and I manage to exfiltrate information to a requestbin.
Unfortunately this only works when I visit the page myself. The request does not trigger when the admin visits the page.
I tried several ways to have the page automatically call an url( <img>, window.open, <style> @import, autosubmit <form>) they all work for me but not for the admin.
I may be missing something obvious but I can see what...Even the slightest hint would help.
Thanks in advance.