XSS - Merry XSSMas | Advent of Cyber 2025 - Day 11
This guide contains the answer and steps necessary to get to them for the XSS - Merry XSSMas room.
Leave the Cookies, Take the Payload
Which type of XSS attack requires payloads to be persisted on the backend?
This answer can be found in the text.
Answer: Stored
What's the reflected XSS flag?
We can test to see if the website is indeed vulnerable to XSS.
<script>alert('Reflected Meow Meow')</script>
If we search for this term, we get our flag in the pop-up.
https://trygiftme.thm/search?term=<script>alert( atob("VEhNe0V2aWxfQnVubnl9") )</script>
Answer: THM{Evil_Bunny}
What's the stored XSS flag?
After adding this comment to the form and submitting it, we get notified about the flag.

If you are savvy, the flag can already be deduced from the search term and the comment, as it is Base64 encoded in the text.
Answer: THM{Evil_Stored_Egg}
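Both flags come from the same defect: the search term and the comment are placed into the page markup without HTML encoding. As an added example that is not part of the room or this walkthrough (the function names are hypothetical, Node.js is assumed, and trygiftme.thm's real code is not shown), here is the unsafe rendering beside its hardened form, plus the Base64 decoding step the note above refers to:

```javascript
// Added example (not the room's code): unsafe vs. hardened rendering of the
// search term and comments, and a helper that reads the Base64 inside a payload.
// Function names are hypothetical; Node.js is assumed for Buffer.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: the term is concatenated into markup verbatim, so a <script> tag in the
// query string is parsed as HTML and executes (reflected XSS).
function renderSearchResultUnsafe(term) {
  return `<p>Results for: ${term}</p>`;
}

// Hardened: the same term, HTML-encoded, is displayed as literal text.
function renderSearchResult(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// The same rule applies to stored data: encode on output, whatever was saved.
function renderComment(comment) {
  return `<li><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// Triage helper: extract and decode every atob("...") argument in a captured
// payload, which is how the flag hidden in the search term can be read directly.
function decodeAtobArgs(payload) {
  const decoded = [];
  for (const m of payload.matchAll(/atob\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)/g)) {
    decoded.push(Buffer.from(m[1], 'base64').toString('utf8'));
  }
  return decoded;
}

// Constructed input mirroring the room's reflected payload.
const reflectedPayload = `<script>alert( atob("VEhNe0V2aWxfQnVubnl9") )</script>`;

function demo() {
  console.log(renderSearchResultUnsafe(reflectedPayload)); // <script> tag intact
  console.log(renderSearchResult(reflectedPayload));       // &lt;script&gt;... shown as text
  console.log(decodeAtobArgs(reflectedPayload));           // [ 'THM{Evil_Bunny}' ]
}
demo();
```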
If you enjoyed today's room, you might want to have a look at the Intro to Cross-site Scripting room!