November 25 will go down in the history books as the first time XSS appeared on BugForge. And what a journey it was!
Because the lab was about XSS, I tried to identify each point where input of mine would be reflected on the page. I quickly found that the comment section of snippets could not escape simple XSS payloads. So I found my entry point. But what now?
To prove my stored XSS worked I would probably need something from a user looking at my payload. In the past I had already seen that stuff would be stored inside localStorage. So that was where I would start looking. I opened up Collaborator, got my address and crafted a simple payload.
I put it just like that in the comment field and went to Collaborator. I made sure that I placed it on an admin snippet; in that case the admin would get a notification and 'read' the payload.
The response confirmed that someone with the property flag 🇧🇪 watched my exploit blow up 💥 in their admin face.
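The root cause described above is a comment field rendered without output escaping. As an added example (not code from the lab or from BugForge; the function names, markup and sample comment are constructed assumptions), this is what the unescaped renderer and its hardened form look like side by side:

```javascript
// Added example: hypothetical comment renderer, not the lab's real code.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change HTML parsing state.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: user-controlled fields are concatenated into markup as-is,
// so any tag in a stored comment is parsed by every viewer's browser.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.body}</li>`;
}

// After: every user-controlled field is escaped at output time,
// so the stored comment is displayed as text instead of being parsed.
function renderCommentSafe(comment) {
  const author = escapeHtml(comment.author);
  const body = escapeHtml(comment.body);
  return `<li class="comment"><b>${author}</b>: ${body}</li>`;
}

// True when the rendered fragment contains a tag the template did not emit.
function hasInjectedTag(html) {
  const tags = html.match(/<\/?([a-z][a-z0-9]*)/gi) || [];
  const allowed = new Set(["<li", "</li", "<b", "</b"]);
  return tags.some((t) => !allowed.has(t.toLowerCase()));
}

// Constructed sample comment carrying markup.
const sampleComment = {
  author: "tester",
  body: '<script>alert(1)</script> & "quotes"',
};

console.log("unsafe:", renderCommentUnsafe(sampleComment));
console.log("safe:  ", renderCommentSafe(sampleComment));
console.log("injected tag (unsafe):", hasInjectedTag(renderCommentUnsafe(sampleComment)));
console.log("injected tag (safe):  ", hasInjectedTag(renderCommentSafe(sampleComment)));
```

This encoding covers the HTML text context only; values placed in attributes, URLs or inline script need the encoder for that context. Keeping session material out of localStorage limits what a script running in the page can read.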