Tags: csrf xss unintended-solution
**Intended:** Append `; secure; samesite=none` to cookie. Now, `<script src="https://jason.2021.chall.actf.co/flags?callback=load"></script>` would retrieve the flag.
**Unintended:** Append `.actf.co` as domain to cookie using CSRF -> Set up an XSS payload in the reaction.py challenge -> Log in to this using CSRF -> Payload in reaction.py exfiltrates document.cookie
I don't remember
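Added example, not from the writeup: both solutions above rely on a cookie value being pasted into `Set-Cookie` unescaped, so a `;` in the value appends attributes (`secure; samesite=none`, or a wider `domain`). The naive builder below reproduces that defect beside a hardened builder that enforces the RFC 6265 cookie-value grammar; the header layout, the `session` cookie name and the sample values are assumptions.

```python
import re

# RFC 6265 cookie-octet: printable US-ASCII minus DQUOTE, comma, semicolon, backslash.
# A ';' is what lets a value smuggle attributes, so it must never reach the header raw.
COOKIE_VALUE_RE = re.compile(r"^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$")


def naive_set_cookie(name: str, value: str) -> str:
    """Vulnerable pattern (assumed shape of the challenge's bug): the value is
    concatenated straight into the header, so attributes in the value win."""
    return f"Set-Cookie: {name}={value}; Path=/"


def safe_set_cookie(name: str, value: str) -> str:
    """Hardened builder: reject any value that could carry attributes, and
    pin the attributes the server intends instead of leaving them open."""
    if not COOKIE_VALUE_RE.fullmatch(value):
        raise ValueError("cookie value contains characters outside RFC 6265 cookie-octet")
    return f"Set-Cookie: {name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


def injected_attributes(value: str) -> list[str]:
    """Detection helper for logs or request validation: list the attribute
    names that a raw cookie value would append after the first ';'."""
    parts = value.split(";")[1:]
    return [p.strip().split("=", 1)[0].lower() for p in parts if p.strip()]


if __name__ == "__main__":
    # Constructed inputs mirroring the two writeup solutions.
    for v in ("abc", "abc; secure; samesite=none", "abc; domain=.actf.co"):
        print(naive_set_cookie("session", v), "->", injected_attributes(v))
        try:
            print(safe_set_cookie("session", v))
        except ValueError as e:
            print("rejected:", e)
```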