XSS (Cross-site scripting) Skills Assessment

I got my script to be pulled by the admin account.

My script.js looks like this:

I tried even the image payload and it doesn’t seem to try to fetch it. Can someone point out the obvious to me?

you have to call for the script in the payload you’re injecting for it to work also use the PHP script they provide for you that calls for the cookie and the victim’s IP. I hope this helps and good luck