I had some tips from someone who did this box, but they don’t seem to work anymore. There is a field that is vulnerable to XSS (and yes I can get a response back to me). Tried to insert javascript with XMLHttpRequest to trigger my payload but without success. Who has some tips?
And things that seems to works, does not work an other time. Sometimes it can take a while before I get a response.