Rating: 3.7

* Prepare a session with some XSS payload as the name.
* Send the admin to a link which logs him into our session. This will then also redirect him to the “start” page and execute our payload.
* Our payload needs to take the cookie and send it to our server.

Original writeup (http://robinverton.de/ctf/googlectf-2017-joe-web/).