Ensure you are not using the fetch API, it doesn’t work for some reason (try XHR or document.location). Also ensure you are double encoding the \r\n (%250d%250a). Nothing else in the payload needs to be encoded if I recall correctly.
Thanks a lot! The problem was in fetch indeed.
1 Like
How to bypass firewall restrictions for admin? can’t figure out how to get his cookies without using remote resources. Give me a hint please
I am still pretty lost after some hours. Not sure how to force the admin to do anything, let alone submit a cookie. I can trigger a self-xss under /target but not sure what to do with /admin…
You don’t need to double encode it because it will be automatically when inputting %0d%0a, but it is double encoded in the end.
These hints are killer!!! If anyone is stuck, read it a couple of times! The hints from @il180 also helped a lot.
So, you won’t be able to trigger it via Repeater! You will only be able to see if your payload might be right interpreted by the Backend Server. The only way to trigger is by inputting in the form in the client side without sending the request via Repeater.
Yo do you have discord? I need some help on this