So I am a bit stuck.
I was able to complete the secuirty shepherd which is literally a copy paste.
Though I understand the concept.
I tried taking on the XSS challenge - and I cant seem to get my head around it.
Its proving to be challenging to say the least.
I dug in enough to get the below info:
Getting to http://10.194.0.8/public_html/lists/admin/ revealed that the server is running
phplist - version 2.10.17
There is a vulnerability for this version
But no matter what I do on that login page - running never pops anything up.
Ive tried both the scripts on the exploit-db page (starting at the ?) and running their code even and that just wont go.
Am I trying to hit the wrong page and this admin page is a red herring?
Any guidance would be appreciated