Challenge 20: Javascript for Pentesters

Welcome John!

User Settings for UID:3476 www

Objectives:

  1. Find John's Password using an XSS vulnerability on this page
  2. Display the Password in the div with id "result"
  3. App stores password in Plain Text :(
  4. No Hardcoded values can be used - everything has to be figured out dynamically

Hints:

  1. Remember what you have learnt at Pentester Academy