Web Security Academy, Lab: Exploiting cross-site scripting to steal cookies
This lab: Exploiting cross-site scripting to steal cookies, might be broken. I can only get my own session cookie sent to me, even with the proposed solution. It seems that the admin is not reading the comments.
I have just tried this lab and was able to solve it using the solution provided.
Are you using the payload supplied in the solution? Have you waited for a few seconds before polling the Collaborator to see if a victim has viewed the blog?
I edited my question, but it seems that didn't come through.
I'm actually not using Collaborator, instead i have it send the data to my own listener on the internet. Other than that i used the solution provided.
When i read the blog myself, i do receive my own cookie, but that is the only traffic i get from this lab and as such i was thinking maybe the bot wasn't reading the blog.
Maybe without Collaborator i just need to complete it via CSRF then...
If you’re not using Burp Collaborator then you can adapt the attack as described in the note on the lab, exploiting the XSS to perform CSRF. Good luck and let us know how you get on.