THM - The Sticker Shop

Francesco Pastore
Dec 1, 2024

A writeup for the room The Sticker Shop on TryHackMe.

This room is a short challenge about Blind Cross-Site Scripting (XSS).

What is the content of flag.txt?

Footprinting

Our goal is to read the content of the page flag.txt.

If we try to open this page, we cannot read its content because we need to be authenticated.

We can try looking at the index page.

There is nothing interesting here except some pictures of cats.

Analyzing the feedback page

Besides the homepage, there is only one other page, called feedback.
