Challenge 21: Javascript for Pentesters

Welcome John!

API Endpoints www

Objectives:

  1. Find John's Secret Questions+Answers using an XSS vulnerability on this page
  2. Display the Questions+Answers in the div with id "result"
  3. Send the Questions+Answers to your Attack Server
  4. No Hardcoded values can be used - everything has to be figured out dynamically

Hints:

  1. Remember what you have learnt at Pentester Academy