22) Exploiting cross-site scripting to steal cookies
As usual, the first step is to analyse the application. There is a comment form, so we fill it with a random string such as xxxx, then open the developer tools and find where the user input lands in the HTML.
Let's try injecting a simple img payload in the comment field to trigger an alert.
payload => <img src=x onerror=alert(1)>
Now let's open Burp Suite Collaborator.
This payload will make anyone who views the comment issue a GET request containing their cookie to your subdomain, in the URL search parameter c, on the public Collaborator server.
If Collaborator didn't poll automatically, make sure to click Poll now.
So this is the session.
Make sure to edit the session with the stolen one and save the edit. I used the Cookie Editor extension; you can use the devtools if you prefer.
Now refresh the page with the hijacked session, and the lab is solved.
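The chain above depends on two things: the comment being written into the page without output encoding, and the session cookie being readable by script. The following added example (not part of the original walkthrough) shows both controls server-side; the function names and the sample cookie value are hypothetical and constructed for illustration.

```javascript
// Added example: escapeHtml, renderComment, sessionCookie and auditSetCookie
// are hypothetical helper names, not code from the lab application.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode user input for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a stored comment; every user-controlled field is encoded on output,
// so markup in the comment is displayed as text instead of being parsed.
function renderComment(author, body) {
  return `<section class="comment"><p>${escapeHtml(author)}</p><p>${escapeHtml(body)}</p></section>`;
}

// Build a session cookie that script cannot read through document.cookie
// (HttpOnly) and that is only sent over TLS (Secure).
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Return the protective attributes missing from a Set-Cookie header value.
// Useful as a check over captured response headers.
function auditSetCookie(header) {
  const attrs = header
    .split(";")
    .slice(1)
    .map((attr) => attr.trim().toLowerCase().split("=")[0]);
  return ["httponly", "secure", "samesite"].filter((flag) => !attrs.includes(flag));
}

// Constructed sample input: the test payload used earlier in the walkthrough.
console.log(renderComment("xxxx", "<img src=x onerror=alert(1)>"));
// Constructed sample headers: one weak, one built by sessionCookie().
console.log(auditSetCookie("session=CONSTRUCTED_VALUE; Path=/"));
console.log(auditSetCookie(sessionCookie("session", "CONSTRUCTED_VALUE")));
```

Output encoding removes the injection point; HttpOnly limits the impact if another injection point is missed, since the session value is no longer available to script.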