Steps:
- Set up an index.php script on your attacker host that captures the password reset token and resets the admin's password.
- Run the Python script, which initiates the password reset process.
- Once logged in as an admin, whitelist the ".html" extension and configure the variables at the top of the XSS exploit.
- Upload the .html file containing the XSS and target one of the Super Admins. You can send the link via private message, embed it somewhere on the website, etc.