search
LinkedInGitHub

Stored XSS

hashtag
To get the flag, use the same payload we used above, but change its JavaScript code to show the cookie instead of showing the url.

To solve this lab we just have to use the following payload: 

<script>alert(document.cookie)</script>

And a pop appears with the flag!

PreviousCross-Site Scripting (XSS)NextReflected XSS

Last updated