ADVANCED XSS AND CSRF EXPLOITATION - Skills Assessment

Thanks, I got it!

Hey bud, can you give a hint for the second part? I’m a moderator already and I’m trying to exfiltrate the content of admin.php, but I’m getting blocked by CORS and CSP. Either way, I used the file upload/task functionalities and the exploitserver :grimacing: :grimacing: :grimacing:

Thanks, I'd appreciate some help here!

[update]
Correct me if I’m wrong, but I think the exploitation here involves calling the file with the payload from the task to exfiltrate the content of admin.php, right? Am I at least on the right track with this?

Hi everyone, I'm currently stuck on the Advanced XSS and CSRF Exploitation skills assessment, where I managed to extract the admin.php page and find the hidden API but keep getting {"error":"Please specify a customer ID"}. I tried fuzzing a bunch of params but none worked. Any hints?

Managed to solve it with help from others: the /:id form of supplying the ID parameter, and not through the GET parameter. /:id is a convention from frameworks.