Exploiting Cross-site Scripting to Capture Passwords (No Collaborator)

The title of this Burp lab is 'Exploiting Cross-site Scripting to Capture Passwords'. We include both the official solution and the 'No Collaborator' solution. Although this lab is designed to be solved with Burp's Collaborator feature, it is possible to solve it without it. The alternative solution combines XSS and CSRF to steal the admin password and take over the admin account. The exploit is made possible in part by web browsers auto-filling credentials.

00:00 Introduction
00:24 The official solution
01:05 Exploring the lab
01:36 Exploring the official solution
04:44 Submitting the payload
05:40 Solving the lab
06:20 Explanation of the exploit
10:56 Alternative solution without Collaborator
15:03 Key takeaways