Searching for the cookie

Challenge Information

  • Category: Web Security

  • Level: medium

  • Points: 100

Description

Simple search website; we need to know which cookie to eat ;)

Solution

After accessing the lab, we open it in the browser.

site

First, we enter anything in the search box to see where it ends up in the source code.

Press Ctrl + U to open the page source and search for the text you entered; in my case I searched for admin.

source code

Now we try a payload to trigger an alert: <script>alert(1)</script>

But it doesn't work, so let's look at the source code 😄

source code

So, I see it: we can close the first script tag at the start of the payload, like this: </script>......, and then open new script tags with the payload. Finally: </script><script>alert(1)</script>

alert

That's good news, so let's go get the cookie 😄

We remove 1 and put document.cookie. Final payload ⇒

</script><script>alert(document.cookie)</script>

flag

done 🎉
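Why closing the script tag worked, and how the page should have encoded the value, shown as an added example that is not the challenge's real source. It assumes the search term is reflected inside a JavaScript string in an inline script block; the function names and templates are constructed for illustration.

```javascript
// Added example: constructed templates, not the challenge's real source.
// Assumption: the search term is reflected inside a JavaScript string literal
// in an inline <script> block, which matches the breakout described above.

// Vulnerable: raw concatenation. The HTML parser ends the script element at
// the first "</script>" it sees, even when it sits inside a JS string.
function renderVulnerable(term) {
  return '<script>var query = "' + term + '";</script>';
}

// Hardened: JSON.stringify yields a valid JS string literal, then characters
// that matter to the HTML parser are replaced with \uXXXX escapes.
function escapeForInlineScript(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

function renderHardened(term) {
  return '<script>var query = ' + escapeForInlineScript(term) + ';</script>';
}

// Count raw "<script" opening tags in the response. More than one means the
// reflected input created its own script element.
function countScriptElements(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Recover the value the hardened page assigns, to show nothing was lost.
function decodeHardened(html) {
  const literal = html.slice('<script>var query = '.length, -';</script>'.length);
  return JSON.parse(literal);
}

const payload = '</script><script>alert(document.cookie)</script>';
console.log(renderVulnerable(payload)); // two script elements
console.log(renderHardened(payload));   // one script element, payload is inert data
```

Setting the HttpOnly attribute on the session cookie additionally keeps it out of document.cookie, so a script injection like this one cannot read it.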

