DOM XSS
To get the flag, use the same payload we used above, but change its JavaScript code to show the cookie instead of showing the URL.

For this lab we have to modify the payload we just learned in order to display the cookie:
<img src="" onerror=alert(document.cookie)>

And we successfully grab the flag!
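
The payload works because the lab's cookie is readable from script. The sketch below is an added example, not part of the original lab or write-up. It models which cookies `document.cookie` would return for a set of `Set-Cookie` headers, so you can check which values a DOM XSS like this one could read. The header values and function names are constructed for illustration, and path, domain, Secure and expiry matching are ignored.

```javascript
// Simplified model: document.cookie leaves out cookies set with HttpOnly.
// Assumption: path/domain/Secure/expiry matching is not modelled here.

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf("=");
  if (eq < 1) return null; // no cookie name: skip the malformed header
  const attrs = parts.slice(1).map((a) => a.split("=")[0].trim().toLowerCase());
  return {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1).trim(),
    httpOnly: attrs.includes("httponly"),
  };
}

// Cookies that page script (including an injected onerror handler) can read.
function exposedCookies(headers) {
  const jar = new Map(); // a later Set-Cookie for the same name wins
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (c) jar.set(c.name, c);
  }
  return [...jar.values()].filter((c) => !c.httpOnly);
}

// The string document.cookie would return under this model.
function scriptVisibleCookies(headers) {
  return exposedCookies(headers).map((c) => `${c.name}=${c.value}`).join("; ");
}

// Constructed sample headers (not taken from the lab).
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "theme=dark; Path=/",
  "flag=EXAMPLE_VALUE; Path=/",
];

console.log("document.cookie ->", scriptVisibleCookies(SAMPLE_HEADERS));
console.log("readable by script:", exposedCookies(SAMPLE_HEADERS).map((c) => c.name));
```

Adding `HttpOnly` to the `flag` cookie in the sample removes it from the output, which is why session cookies should carry that attribute even after the injection point itself is fixed.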