Web - Client

Hello guys,

I figure out the xxs vulnerability and set up my tools to catch the request i get my cookie but the admin never "visits" the page to steal his cookie. Maybe tha chall has a bug can someone confirm this ? ty

i think i’m stuck exactly at the same point but when you will open session you can see a lot of additional cookie popping after doing the thing idk what to do with them

I get the cookie starting with "ADMIN_COOKIE=" and still the website tells me that it is wrong. This challenge is just broken.

Hi ExplorerIE,

If you really have the admin’s cookie value then check your input (trailing space?).
Validation on the website works, I just tested it. At worst case delete all site cookies and reconnect to try again.