* Prepare session with some XSS payload as the name
* Send the admin to a link which logs him into our session. This will the also redirect him to the “start” page and execute our payload.
* Our payloads needs to take the cookie and sent it to our server.