Tags: csrf xss unintended-solution 

**Intended:** Append `; secure; samesite=none` to the cookie. The cookie is then sent on cross-site requests, so `<script src="https://jason.2021.chall.actf.co/flags?callback=load"></script>` would retrieve the flag.

**Unintended:** Append `.actf.co` as the domain to the cookie using CSRF -> Set up an XSS payload in the reaction.py challenge -> Log in to this using CSRF -> The payload in reaction.py exfiltrates `document.cookie`
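
Both paths rely on extra attributes being appended to the cookie (`; secure; samesite=none` in the intended one, a `.actf.co` domain in the unintended one). The following added example, which is not code from the challenge or the original writeup, contrasts a cookie builder that concatenates the value unescaped with one that percent-encodes it, and reports the policy a browser would derive from each header. The cookie name `sid`, the function names and the header layout are assumptions.

```javascript
// Added example. Cookie name "sid" and the header layout are assumptions,
// not taken from the challenge source.

// Vulnerable: the value is concatenated as-is, so ';' begins new attributes.
function buildSetCookieUnsafe(name, value) {
  return `${name}=${value}; Path=/`;
}

// Hardened: percent-encode the value so ';' and '=' stay inside cookie-value.
function buildSetCookieSafe(name, value) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error("invalid cookie name");
  return `${name}=${encodeURIComponent(value)}; Path=/`;
}

// Parse a Set-Cookie header; a repeated attribute overrides earlier ones.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    const p = part.trim();
    if (!p) continue;
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs };
}

// Summarise what the browser would enforce. Assumes the modern default of
// SameSite=Lax when the attribute is absent, and that None requires Secure.
function effectivePolicy(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite = String(attrs.samesite || "lax").toLowerCase();
  const secure = "secure" in attrs;
  return {
    sameSite,
    secure,
    domain: typeof attrs.domain === "string" ? attrs.domain : null, // null = host-only
    sentOnCrossSiteSubresource: sameSite === "none" && secure,
  };
}

// Constructed inputs mirroring the two attribute strings named above.
const injectedSameSite = "abc; secure; samesite=none";
const injectedDomain = "abc; domain=.actf.co";
```

Running `effectivePolicy` over the headers a real application emits for user-influenced cookie values is a quick audit for this class of attribute injection.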

URL: [https://blog.bi0s.in/2021/04/08/Web/Jason-Angstrom21/](https://blog.bi0s.in/2021/04/08/Web/Jason-Angstrom21/)
