Stored XSS
To get the flag, use the same payload we used above, but change its JavaScript code to show the cookie instead of showing the url.
To solve this lab we just have to use the following payload:
<script>alert(document.cookie)</script>
And a pop appears with the flag!
Last updated