THM - The Sticker Shop
Dec 1, 2024
A writeup for the room The Sticker Shop on TryHackMe.
This room is a short challenge about Blind Cross-Site Scripting (XSS).
What is the content of flag.txt?
Footprinting
Our goal is to read the content of the page flag.txt.
If we try to open this page, we cannot read its content because we need to be authenticated.
We can try looking at the index page.
There is nothing interesting here except some pictures of cats.
Analyzing the feedback page
Besides the homepage, there is only one other page, called feedback.