This lab demonstrates DOM-based client-side cookie manipulation. To solve this lab, inject a cookie that will cause XSS on a different page. You will need to use the exploit server in order to direct the victim to the correct pages. The lab is solved when the user's
document.cookie is alerted.
lastViewedProduct, whose value is the URL of the last product page that the user visited.
iframeto the body, remembering to replace
your-lab-idwith your lab ID:
<iframe src="https://your-lab-id.web-security-academy.net/product?productId=1&'><script>alert(document.cookie)</script>" onload="if(!window.x)this.src='https://your-lab-id.web-security-academy.net';window.x=1;">
The original source of the
iframe loads for the first time, the browser temporarily opens the malicious URL, which is then saved as the value of the
lastViewedProduct cookie. The
onload event handler ensures that the victim is then immediately redirected to the home page, unaware that this manipulation ever took place. While the victim's browser has the poisoned cookie saved, loading the home page will cause the payload to execute.