THM - The Sticker Shop

A writeup for the room The Sticker Shop on TryHackMe

Can you exploit the sticker shop in order to capture the flag?

This room is a short challenge about Blind Cross-Site Scripting (XSS)

The Sticker Shop

What is the content of flag.txt?

Footprinting

Our goal is to read the content of the page flag.txt.

If we try to open this page, we cannot read its content because we need to be authenticated.

We can try looking at the index page.

Nothing is interesting here except some pictures of cats.

Analyzing the feedback page