Official Mailroom Discussion

Sending an XSS payload to the server and viewing the inquiry “Response” URL, I can get it to respond to a Python server and NC listener. Gotta figure out what I can do from there.

Do you know that there are private messages on the forum?)

So we should list the inquiries directory using XSS and see the hashed name of the file containing the message?

Can someone give a hint about how the XSS should be used?

Same here, stuck on how to use XSS. I am blocked by CORS so I think we need maybe a CSRF to exploit the subdomain vulnerability. Tried it and did not work though. If anyone can help me I will be really happy :)

To look at something that can’t be seen the normal way

Can someone help me with XSS?

I can get their server to issue a GET request to me with XSS and now I am stuck. Any hints would help but I can’t seem to figure out what to do with it.

Any nudge for the next step? I had the source code of the app and got access to the subdomain with 403 status.

Btw, has anyone found a way to leak the creds in less than 18-25 min? Just wondering if there is a better way to do so.

I’ve been at this for way too long lol, starting to lose the fun factor for me. I thought I was on the right path using regex to iterate through characters of the password, but I ended up getting false results -_-

I was too lazy to write some automation, but regex search patterns and binary search help me brute in less than 10 minutes. [a-z].{10} [a-d].{10}

Yeah, binary search + multithreading still takes 18 min or more for me

Hello all,

Can someone PM me with a hint on foothold please?

Thanks!

PM me please

Lol that backspace at the end… hehe brilliant piece of detail!

Same for me, PM me

Hi, can I DM someone for help with foothold?

Hello, can someone help me with the password filtering? I have been trying things for a while but nothing works for me.

Does the password contain special chars? Capital letters? Just to speed up my script :3