Web - Client

Monday 17 October 2022, 08:04 #1

Web - Client - XSS - Stored 1

4 posts

Hello, I get the cookie of the logged in user and send it with an ajax request to an external server. But it only works with me as a user. Even when the site tells me that my messages have been read, I do not receive any new request on the external server. What more should I do ?

Monday 5 June 2023, 18:50 #2

Web - Client - XSS - Stored 1

young_mind

2 posts

Yeap, the challenge is still buggy.
I tried two different methods:
1. I sent the user’s cookies to the same chat section of the page. but it only works on my own cookies(as if no admin is visiting the page).

2. I used an external service to capture requests, and then sent a GET request to that service containing the cookies, which did not work(as If no admin is visiting the page).

Wednesday 19 July 2023, 21:31 #3

Web - Client - XSS - Stored 1

poysa213

2 posts

yes the fetch method not work for me, but the documetn.location worked

Saturday 28 October 2023, 18:25 #4

Web - Client - XSS - Stored 1

Not_suspicious

1 posts

New reply

New topic