XSS Session Hijacking - Cannot identify vulnerable field

soid3t · March 24, 2023, 4:55pm

hello. looking through the topics ive noticed that im not alone with this problem and there is still no solution, that is why kindly ask for your help.

ive tried all provided payloads in the module multiple times, with and without '> ">, but sadly there is still no response in my php server. i receive signal only when going to http://IP directly from browser. should i try other payloads? should i encode them?

looking forward for some hint and thank you in advance

ghost_xvl19 · June 5, 2023, 7:00pm

hi, just want to ask if we solved it, because im stuck in there too

Anass0X · August 4, 2024, 3:38pm

One of the payloads given in the module should work, make sure the web application instance is working (cause sometimes it does not) and iterate throught the payloads making sure also your web server IP address is right

Topic		Replies	Views
Cross-Site Scripting(XSS) - Session Hijacking HTB Content	2	1066	January 17, 2023
Cross Site Scripting XSS Skills Assessment Academy skills-assessment	8	2593	July 9, 2024
Advanced XSS and CSRF Exploitation - XSS Filter Bypasses HTB Content htb-academy	0	39	September 15, 2024
HTB Backend Broken - Cross Site Scripting Session Hijacking - How to Work Around Broken Infrastructure? Academy	18	3134	June 5, 2024
HTB phishing challenge	0	75	July 6, 2024

XSS Session Hijacking - Cannot identify vulnerable field

Related topics