I’m currently working on the limited file upload section of the File Upload Attacks module and I’m able to get the XSS working but I can’t seem to do anything other then make the alert pop. I’ve tried a few different JS commands to read a file but nothing seems to work. I’ve attempted to use the XXE portion of the section and I can’t get anything to even upload let alone leverage it. Any help would be greatly appreciated!
Thanks for the reply! I was actually able to leverage the XXE only after I switched networks. Have you ever heard of a home router filtering requests? I ran into the same issue when I was doing the SQL injections module and I had to use the hotspot on my phone in order to send the SQL payloads.
Hello I’m looking for some information because I have a strange problem.
When I do perform the attack on the pwnbox It’s a success and when I do perform the same thing from my own computer the request is not reaching at all the server.
This is the case of an XXE payload.
Moreover, when I do perform with a XSS payload (alert function) from my computer the request reach the server but it’s very long time.
I don’t understand why the router will intercept and analyze the content since it goes thru a VPN connection