7. It looks like a basic blog with a comment section and an admin portal. Clicking the Admin
link sends us to a login page. We know this is an XSS challenge, so the obvious place to
start is the comment form, which has three fields: Title, Author and Text. Going for the
most basic XSS test there is, we drop <script>alert('XSS')</script> straight into the Text field
and get confirmation that the site is indeed vulnerable to stored XSS:
8. The assumption here is that there is an administrator who at some point will review the posted
comments on the site. Because the XSS is stored, the payload runs in the admin's browser when the
comment is viewed, which gives us a chance to steal his session cookie value and use it to log into
the site as the admin.
9. Create the cookie-stealer code. We use some JavaScript that runs client-side in the victim's
browser and sends the cookie to us, and some PHP code on our own server that grabs the cookie
value from the incoming request and stores it.
Let's run a local web server to host this PHP and grab the cookie when the victim
views our blog post. There are lots of ways to do this; here's my way: