XSS (Cross-site scripting) Skills Assessment

I got my script to be pulled by the admin account.

My script.js looks like this:

I tried even the image payload and it doesn’t seem to try to fetch it. Can someone point out the obvious to me?

You have to call for the script in the payload you’re injecting for it to work. Also, use the PHP script they provide for you that calls for the cookie and the victim’s IP. I hope this helps, and good luck.

Hey, did you ever figure this out? I am having the same exact issue. My script executes but I don’t get a cookie in my response. Looks exactly like your photos, with a 200 response on /script.js and then closes.

Anyone have any suggestions?

FYI - after working this for 4 evenings, someone suggested resetting the instance after unsuccessful attempts when you think it should work.
I did this, and boom! Hello Mr. Flag!

To ensure the script works, make sure to call it in the payload you’re injecting. Additionally, utilize the provided PHP script that retrieves the cookie and victim’s IP.

Here’s a step-by-step guide:

  1. Inject Script: Ensure that the script you want to execute is properly injected into the target environment. This might involve embedding it within HTML, JavaScript, or other relevant contexts.
  2. Include PHP Script: Use the provided PHP script that fetches the cookie and victim’s IP. Make sure this script is correctly integrated into your codebase and called at the appropriate point.
  3. Testing: Once everything is set up, test the payload to ensure it functions as expected. Monitor for any errors or unexpected behavior.
  4. Security Considerations: Remember to handle any sensitive information, such as cookies or IP addresses, with care and in accordance with privacy and security best practices.

By following these steps and utilizing the provided resources, you should be able to successfully execute the desired functionality. Good luck with your project!